CVE-2024-52518

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-52518
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-52518.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-52518
Aliases
  • GHSA-vrhf-532w-99rg
Published
2024-11-15T17:15:21Z
Modified
2025-01-24T02:13:39.683250Z
Severity
  • 5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L CVSS Calculator
Summary
[none]
Details

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v29.*

v29.0.0
v29.0.1
v29.0.1rc1
v29.0.2
v29.0.2rc1
v29.0.2rc2
v29.0.3
v29.0.3rc1
v29.0.3rc2
v29.0.3rc3
v29.0.3rc4
v29.0.4
v29.0.4rc1
v29.0.5
v29.0.5rc1
v29.0.6
v29.0.6rc1
v29.0.7
v29.0.7rc1
v29.0.8
v29.0.8rc1
v29.0.9rc1
v29.0.9rc2