CVE-2024-52518
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2024-52518
- Import Source
- https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52518.json
- JSON Data
- https://api.test.osv.dev/v1/vulns/CVE-2024-52518
- Aliases
-
- GHSA-vrhf-532w-99rg
- Published
- 2024-11-15T17:15:21Z
- Modified
- 2025-07-01T16:18:13.780767Z
- Severity
-
- 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
- Summary
- [none]
- Details
-
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
- References
Affected packages
Git / github.com/nextcloud/server
Affected versions
v28.*
v28.0.0
v28.0.1
v28.0.10
v28.0.10rc1
v28.0.11
v28.0.11rc1
v28.0.12rc1
v28.0.12rc2
v28.0.1rc1
v28.0.2
v28.0.2rc1
v28.0.2rc2
v28.0.2rc3
v28.0.2rc4
v28.0.2rc5
v28.0.3
v28.0.3rc1
v28.0.3rc2
v28.0.4
v28.0.4rc1
v28.0.5
v28.0.5rc1
v28.0.6
v28.0.6rc1
v28.0.7
v28.0.7rc1
v28.0.7rc2
v28.0.7rc3
v28.0.7rc4
v28.0.8
v28.0.8rc1
v28.0.9
v28.0.9rc1