Home > Vulnerability Database > CVE-2024-22404

Mend.io Vulnerability Database

CVE-2024-22404

Date: January 18, 2024

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.

Language: JS

Severity Score

4.1

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22404

Url: https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq

Url: https://hackerone.com/reports/2247457

Url: https://www.mend.io/vulnerability-database/CVE-2024-22404

Severity Score

4.1

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22404

Date: January 18, 2024

Language: JS

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?