How severe is CVE-2022-39339?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.3 out of 10.

What type of vulnerability is CVE-2022-39339?

This is classified as CWE-319, which is a common weakness in software security.

CVE-2022-39339

MEDIUM Year: 2022

CVSS v3 Score

4.3

Medium

Weakness Type

CWE-319

View all →

Vulnerability Description

user_oidc is an OpenID Connect user backend for Nextcloud. In versions prior to 1.2.1 sensitive information such as the OIDC client credentials and tokens are sent in plain text of HTTP without TLS. Any malicious actor with access to monitor user traffic may have been able to compromise account security. This issue has been addressed in in user_oidc v1.2.1. Users are advised to upgrade. Users unable to upgrade may use https to access Nextcloud. Set an HTTPS discovery URL in the provider settings (in Nextcloud OIDC admin settings).

CVE-2018-11399

MEDIUM

CVSS:4.3(Medium)

SimpliSafe Original has Unencrypted Sensor Transmissions, which allows physically proximate attackers to obtain potentially sensitive information about the specific times when alarm-system events occu...

CWE-3192018

CVE-2019-10732

MEDIUM

CVSS:4.3(Medium)

In KDE KMail 5.2.3, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS ...

CWE-3192019

CVE-2019-10734

MEDIUM

CVSS:4.3(Medium)

In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CSS ...

CWE-3192019

CVE-2019-10735

MEDIUM

CVSS:4.3(Medium)

In Claws Mail 3.14.1, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden using HTML/CS...

CWE-3192019

CVE-2019-10740

MEDIUM

CVSS:4.3(Medium)

In Roundcube Webmail before 1.3.10, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted part(s) can further be hidden...

CWE-3192019

CVE-2019-18248

MEDIUM

CVSS:4.3(Medium)

BIOTRONIK CardioMessenger II, The affected products transmit credentials in clear-text prior to switching to an encrypted communication channel. An attacker can disclose the product’s client credentia...

CWE-3192019

CVE-2022-39339

Vulnerability Description

Related Vulnerabilities

CVE-2018-11399

CVE-2019-10732

CVE-2019-10734

CVE-2019-10735

CVE-2019-10740

CVE-2019-18248