CVE-2024-52517

Published Nov 15, 2024

Last updated 2 days ago

CVSS medium 4.6

Overview

Description
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
Source
security-advisories@github.com
NVD status
Received

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.6
Impact score
4
Exploitability score
0.2
Vector string
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-200

Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

1

  1. CVE-2024-52517 Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again,… https://t.co/aiBf6LgpXZ

    @CVEnew

    15 Nov 2024

    222 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References