Nextcloud Server is a self-hosted personal cloud system. Under some circumstances it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.
References
| Link | Resource |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c | Vendor Advisory |
| https://github.com/nextcloud/server/pull/44276 | Issue Tracking, Patch |
| https://hackerone.com/reports/2419776 | Issue Tracking |
History
26 Sep 2025, 23:39
| Type | Values Removed | Values Added |
|---|---|---|
| First Time | Nextcloud; Nextcloud nextcloud Server | |
| References | https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c - Vendor Advisory | |
| References | https://github.com/nextcloud/server/pull/44276 - Issue Tracking, Patch | |
| References | https://hackerone.com/reports/2419776 - Issue Tracking | |
| CPE | cpe:2.3:a:nextcloud:nextcloud_server:\*:\*:\*:\*:enterprise:\*:\*:\*; cpe:2.3:a:nextcloud:nextcloud_server:\*:\*:\*:\*:-:\*:\*:\* | |
| CWE | NVD-CWE-noinfo | |
Information
Published : 2024-06-14 15:15
Updated : 2025-09-26 23:39
NVD link : CVE-2024-37313
Mitre link : CVE-2024-37313
CVE.ORG link : CVE-2024-37313
Products Affected
nextcloud
- nextcloud_server