CVE-2024-52523

Published Nov 15, 2024

Last updated 3 months ago

CVSS medium 4.6

Overview

Description
Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2.
Source
security-advisories@github.com
NVD status
Awaiting Analysis

Risk scores

CVSS 3.1

Type
Secondary
Base score
4.6
Impact score
4
Exploitability score
0.2
Vector string
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:H/I:N/A:N
Severity
MEDIUM

Weaknesses

security-advisories@github.com
CWE-200
134c704f-9b21-4f2e-91b3-4a467353bcc0
CWE-125

Social media

Hype score
Not currently trending

  1. CVE-2024-52523 Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns the… https://t.co/pLn4G0O8Sh

    @CVEnew

    15 Nov 2024

    272 Impressions

    0 Retweets

    0 Likes

    0 Bookmarks

    0 Replies

    0 Quotes

References