4.3

CVE-2024-52516

Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

Shares are not removed when user is limited to share with in their groups and being removed from one of them

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.
Mögliche Gegenmaßnahme
Server: * No workaround available
Enterprise Server: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudNextcloud Server SwEditionenterprise Version >= 26.0.0 < 26.0.13.9
NextcloudNextcloud Server SwEditionenterprise Version >= 27.0.0 < 27.1.11.9
NextcloudNextcloud Server Version >= 28.0.0 < 28.0.9
NextcloudNextcloud Server SwEditionenterprise Version >= 28.0.0 < 28.0.9
NextcloudNextcloud Server Version >= 29.0.0 < 29.0.5
NextcloudNextcloud Server SwEditionenterprise Version >= 29.0.0 < 29.0.5
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. Login Login
Weitere Schwachstelleninformationen
SystemNextcloud
Produkt Server
Version >= 28.0.0, < 28.0.9
Version >= 29.0.0, < 29.0.5
SystemNextcloud
Produkt Enterprise Server
Version >= 26.0.0, < 26.0.13.9
Version >= 27.0.0, < 27.1.11.9
Version >= 28.0.0, < 28.0.9
Version >= 29.0.0, < 29.0.5
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.42% 0.333
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.3 2.8 1.4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com 3 1.3 1.4
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm
Vendor Advisory
https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34
Patch
https://github.com/nextcloud/server/pull/47180
Issue Tracking
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm
Third Party Advisory