CVE-2024-52514

Published Nov 15, 2024

Last updated 2 days ago

CVSS medium 4.1

Overview

Description
Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.1
Impact score
1.4
Exploitability score
2.3
Vector string
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-284

Social media

Hype score
Not currently trending

  1. CVE-2024-52514 Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user woul… https://t.co/xBDQNQEw1V

    @CVEnew

    15 Nov 2024

    186 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References