Home > Vulnerability Database > CVE-2024-52519

Mend.io Vulnerability Database

CVE-2024-52519

Date: November 15, 2024

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.

Language: PHP

Severity Score

2.7

Related Resources (5)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fvpc-8hq6-jgq2

Url: https://github.com/nextcloud/server/commit/09b8aea8f6783514bffe00df6abbf9fa542faac5

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52519

Url: https://github.com/nextcloud/server/pull/47635

Url: https://www.mend.io/vulnerability-database/CVE-2024-52519

Severity Score

2.7

Weakness Type (CWE)

Insecure Storage of Sensitive Information

CWE-922

CVSS v3.1

Base Score:	2.7
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52519

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?