Home > Vulnerability Database > CVE-2024-52514

Mend.io Vulnerability Database

CVE-2024-52514

Date: November 15, 2024

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0.

Language: PHP

Severity Score

4.1

Related Resources (6)

Url: https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8

Url: https://hackerone.com/reports/2447316

Url: https://github.com/nextcloud/server/pull/44889

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52514

Url: https://www.mend.io/vulnerability-database/CVE-2024-52514

Severity Score

4.1

Weakness Type (CWE)

Improper Access Control

CWE-284

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52514

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?