4.3

CVE-2024-52516

EPSS 0.58%
Veröffentlicht 15.11.2024 17:15:21
Zuletzt bearbeitet 06.01.2025 20:51:23
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

Shares are not removed when user is limited to share with in their groups and being removed from one of them

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.

Mögliche Gegenmaßnahme

Server: * No workaround available

Enterprise Server: * No workaround available

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 6 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 26.0.0 < 26.0.13.9

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 27.0.0 < 27.1.11.9

Nextcloud ≫ Nextcloud Server Version >= 28.0.0 < 28.0.9

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 28.0.0 < 28.0.9

Nextcloud ≫ Nextcloud Server Version >= 29.0.0 < 29.0.5

Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 29.0.0 < 29.0.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemNextcloud

≫

Produkt Server

Version >= 28.0.0, < 28.0.9

Version >= 29.0.0, < 29.0.5

SystemNextcloud

≫

Produkt Enterprise Server

Version >= 26.0.0, < 26.0.13.9

Version >= 27.0.0, < 27.1.11.9

Version >= 28.0.0, < 28.0.9

Version >= 29.0.0, < 29.0.5

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.687

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	2.8	1.4	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
security-advisories@github.com	3	1.3	1.4	CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N

CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm

Vendor Advisory

https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34

Patch

https://github.com/nextcloud/server/pull/47180

Issue Tracking

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-52516

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-52516

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-52516

EUVD