CVE-2024-22404

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-22404
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-22404.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-22404
Aliases
  • GHSA-vhj3-mch4-67fq
Published
2024-01-18T20:14:27.914Z
Modified
2025-11-30T11:27:05.279838Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
Summary
Permissions bypass in Nextcloud with the files zip app
Details

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.

Database specific 
{
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-281"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/22xxx/CVE-2024-22404.json"
}
References

Affected packages

Git / github.com/nextcloud/files_zip

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/files_zip
Events
Introduced
75c11bd4ba72a9b0175250746606b7ea79e5577b
Fixed
2ddc39aece037fc947c639062ea9c2a9727975c3
Database specific 
{
    "versions": [
        {
            "introduced": "1.2.0"
        },
        {
            "fixed": "1.2.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/files_zip
Events
Introduced
13d80fee8edd41ceb2fd5af52fe37c09efee5609
Fixed
69d6fc6ed9dafcfc74ef2077576ce6a325dc0ce9
Database specific 
{
    "versions": [
        {
            "introduced": "1.3.0"
        },
        {
            "fixed": "1.4.1"
        }
    ]
}

Affected versions

v1.*

v1.2.0
v1.3.0
v1.4.0