Home > Vulnerability Database > CVE-2024-52509

Mend.io Vulnerability Database

CVE-2024-52509

Date: November 15, 2024

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.

Language: PHP

Severity Score

3.5

Related Resources (6)

Url: https://github.com/nextcloud/mail/commit/8d44f1ce44684022aa4e62a3e0462fdadcde6c8b

Url: https://github.com/nextcloud/mail/pull/9592

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52509

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pwpp-fvcr-w862

Url: https://hackerone.com/reports/1878255

Url: https://www.mend.io/vulnerability-database/CVE-2024-52509

Severity Score

3.5

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52509

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?