CVE-2024-37314
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-37314
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-37314.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-37314
- Aliases
-
- GHSA-9chh-5prm-wp43
- Published
- 2024-06-14T15:05:48.284Z
- Modified
- 2025-11-30T18:37:45.815853Z
- Severity
-
- 3.5 (Low) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L CVSS Calculator
- Summary
- Nextcloud Photos' shared albums have no restriction on photo removal
- Details
-
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
- Database specific
{ "cwe_ids": [ "CWE-284" ], "cna_assigner": "GitHub_M", "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37314.json" }- References
-
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37314.json
- https://github.com/nextcloud/photos/pull/1749
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
- https://hackerone.com/reports/1946298
- https://nvd.nist.gov/vuln/detail/CVE-2024-37314