Home > Vulnerability Database > CVE-2024-37313

Mend.io Vulnerability Database

CVE-2024-37313

Date: June 14, 2024

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.

Language: PHP

Severity Score

7.3

Related Resources (5)

Url: https://hackerone.com/reports/2419776

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c

Url: https://github.com/nextcloud/server/pull/44276

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37313

Url: https://www.mend.io/vulnerability-database/CVE-2024-37313

Severity Score

7.3

Weakness Type (CWE)

Improper Authentication

CWE-287

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37313

Date: June 14, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?