Description

Nextcloud Server is a self hosted personal cloud system. After an admin enables the default-disabled SVG preview provider, a malicious user could upload a manipulated SVG file referencing paths. If the file would exist the preview of the SVG would preview the other file instead. It is recommended that the Nextcloud Server is upgraded to 27.1.10, 28.0.6 or 29.0.1 and Nextcloud Enterprise Server is upgraded to 24.0.12.15, 25.0.13.10, 26.0.13.4, 27.1.10, 28.0.6 or 29.0.1.

INFO

Published Date :

2024-11-15T17:03:09.033Z

Last Modified :

2024-11-15T17:32:49.770Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-52515 vulnerability.

Vendors Products
Nextcloud
  • Nextcloud Server
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-52515.

URL Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5m5g-hw8c-2236 cve-icon cve-icon
https://github.com/nextcloud/server/commit/7e1c30f82a63fbea8c269e0eec38291377f32604 cve-icon cve-icon
https://github.com/nextcloud/server/pull/45340 cve-icon cve-icon
https://hackerone.com/reports/2484499 cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact