CVE-2024-52518

Published Nov 15, 2024

Last updated 2 days ago

CVSS medium 4.4

Overview

Description: Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
Source: security-advisories@github.com
NVD status: Received

Risk scores

CVSS 3.1

Type: Secondary
Base score: 4.4
Impact score: 3.6
Exploitability score: 0.7
Vector string: CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N
Severity: MEDIUM

Weaknesses

security-advisories@github.com: CWE-287

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score: 1

CVE-2024-52518 Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create,… https://t.co/hPqa5qjK3e
@CVEnew
15 Nov 2024
242 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes

References