Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
References
| Link | Resource |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg | Vendor Advisory |
| https://github.com/nextcloud/server/pull/48373 | Issue Tracking |
| https://github.com/nextcloud/server/pull/48788 | Issue Tracking |
| https://github.com/nextcloud/server/pull/48992 | Issue Tracking |
| https://hackerone.com/reports/2602973 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
23 Jan 2025, 15:15
| Type | Values Removed | Values Added |
|---|---|---|
| References | () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg - Vendor Advisory | |
| References | () https://github.com/nextcloud/server/pull/48373 - Issue Tracking | |
| References | () https://github.com/nextcloud/server/pull/48788 - Issue Tracking | |
| References | () https://github.com/nextcloud/server/pull/48992 - Issue Tracking | |
| References | () https://hackerone.com/reports/2602973 - Permissions Required | |
| CWE | CWE-863 | |
| First Time |
Nextcloud nextcloud Server
Nextcloud |
|
| CPE | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* |
Information
Published : 2024-11-15 17:15
Updated : 2025-01-23 15:15
NVD link : CVE-2024-52518
Mitre link : CVE-2024-52518
CVE.ORG link : CVE-2024-52518
JSON object : View
Products Affected
nextcloud
- nextcloud_server