Home > Vulnerability Database > CVE-2024-52523

Mend.io Vulnerability Database

CVE-2024-52523

Date: November 15, 2024

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2.

Language: PHP

Severity Score

4.6

Related Resources (5)

Url: https://github.com/nextcloud/server/pull/49009

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-42w6-r45m-9w9j

Url: https://github.com/nextcloud/server/commit/8a13f284765bd4606984e7d925c32ae6e82b8a27

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-52523

Url: https://www.mend.io/vulnerability-database/CVE-2024-52523

Severity Score

4.6

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Out-of-bounds Read

CWE-125

CVSS v3.1

Base Score:	4.6
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	HIGH
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-52523

Date: November 15, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?