CVE-2024-52518
Last modified
CVE-2024-52518 is a medium-severity vulnerability rated 5.4/10 on the CVSS scale. Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. EPSS estimates a 0.53% chance of exploitation in the next 30 days.
Description
Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | >= 28.0.0, < 28.0.12 |
| Nextcloud | Nextcloud Server | >= 29.0.0, < 29.0.9 |
| Nextcloud | Nextcloud Server | >= 30.0.0, < 30.0.2 |
References
- https://github.com/nextcloud/server/pull/48373Issue Tracking
- https://github.com/nextcloud/server/pull/48788Issue Tracking
- https://github.com/nextcloud/server/pull/48992Issue Tracking
- https://hackerone.com/reports/2602973Permissions Required
Timeline
- Published
- Last Modified
- Status
- Analyzed
Frequently Asked Questions
What is CVE-2024-52518?
How severe is CVE-2024-52518?
How do I fix CVE-2024-52518?
Are you affected by CVE-2024-52518?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST