CVE-2024-52513

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-52513
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.

2.6 /10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 1.2 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References
Link Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj Vendor Advisory
https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548 Patch
https://github.com/nextcloud/text/pull/6485 Issue Tracking
https://hackerone.com/reports/2376900 Issue Tracking
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
History

01 Oct 2025, 18:04

Type Values Removed Values Added
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj - () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj - Vendor Advisory
References () https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548 - () https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548 - Patch
References () https://github.com/nextcloud/text/pull/6485 - () https://github.com/nextcloud/text/pull/6485 - Issue Tracking
References () https://hackerone.com/reports/2376900 - () https://hackerone.com/reports/2376900 - Issue Tracking
First Time Nextcloud
Nextcloud nextcloud Server
CWE NVD-CWE-noinfo
CPE cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
Information

Published : 2024-11-15 18:15

Updated : 2025-10-01 18:04

NVD link : CVE-2024-52513

Mitre link : CVE-2024-52513

CVE.ORG link : CVE-2024-52513

JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

NVD-CWE-noinfo