Description

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0.

INFO

Published Date :

2024-11-15T17:06:03.628Z

Last Modified :

2024-11-15T17:33:13.755Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52514 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud Enterprise Server
  • Nextcloud Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52514.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj cve-icon cve-icon
https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8 cve-icon cve-icon
https://github.com/nextcloud/server/pull/44889 cve-icon cve-icon
https://hackerone.com/reports/2447316 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact