CVE-2024-37882

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-37882

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-37882.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2024-37882

Aliases

GHSA-jjm3-j9xh-5xmq

Published

2024-06-14T15:28:00.462Z

Modified

2025-12-01T02:29:34.130757Z

Severity

8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator

Summary

Nextcloud Server can reshare read&share only folder with more permissions

Details

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/37xxx/CVE-2024-37882.json",
    "cwe_ids": [
        "CWE-284"
    ]
}

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

62cfd3b4c9ff4d8cdbbe6dcc8b63a1085bb94e3d

Fixed

27dcfb94a08990a5b3f40aa9f2fd8bb2039778bf

Database specific

{
    "versions": [
        {
            "introduced": "26.0.0"
        },
        {
            "fixed": "26.0.13"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

add4e4365a4040d2e4e6aa79c0d03c3edd78583c

Fixed

7442a88ac83f00051fbc8592c34819fa9d27764e

Database specific

{
    "versions": [
        {
            "introduced": "27.0.0"
        },
        {
            "fixed": "27.1.8"
        }
    ]
}

Type

GIT

Repo

https://github.com/nextcloud/server

Events

Introduced

e15fcecaf0d382cebff924ec2b1f5319e130c0e8

Fixed

6403fd1828760bff630ca26203f8cbe9addd3e1d

Database specific

{
    "versions": [
        {
            "introduced": "28.0.0"
        },
        {
            "fixed": "28.0.4"
        }
    ]
}

Affected versions

v26.*

v26.0.0

v26.0.1

v26.0.10

v26.0.10rc1

v26.0.11

v26.0.11rc1

v26.0.11rc2

v26.0.12

v26.0.12rc1

v26.0.12rc2

v26.0.13rc1

v26.0.1rc1

v26.0.2

v26.0.2rc1

v26.0.3

v26.0.3rc1

v26.0.3rc2

v26.0.4

v26.0.4rc1

v26.0.4rc2

v26.0.5

v26.0.5rc1

v26.0.6

v26.0.6rc1

v26.0.7

v26.0.8

v26.0.8rc1

v26.0.8rc2

v26.0.9

v26.0.9rc1

v27.*

v27.0.0

v27.0.1

v27.0.1rc1

v27.0.1rc2

v27.0.2

v27.0.2rc1

v27.1.0

v27.1.0beta2

v27.1.0beta3

v27.1.0rc1

v27.1.0rc2

v27.1.0rc3

v27.1.0rc4

v27.1.1

v27.1.2

v27.1.2rc1

v27.1.3

v27.1.3rc1

v27.1.3rc2

v27.1.4

v27.1.4rc1

v27.1.5

v27.1.5rc1

v27.1.6

v27.1.6rc1

v27.1.6rc2

v27.1.7

v27.1.7rc1

v27.1.7rc2

v27.1.8rc1

v28.*

v28.0.0

v28.0.1

v28.0.1rc1

v28.0.2

v28.0.2rc1

v28.0.2rc2

v28.0.2rc3

v28.0.2rc4

v28.0.2rc5

v28.0.3

v28.0.3rc1

v28.0.3rc2

v28.0.4rc1