4.3
CVE-2024-52516
- EPSS 0.05%
- Published 15.11.2024 17:15:21
- Last modified 06.01.2025 20:51:23
- Source security-advisories@github.com
Nextcloud Server is a self-hosted personal cloud system. When a server is configured to only allow sharing with users that are in one's own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.
Data provided by the National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server (SwEdition: enterprise) Version >= 26.0.0 < 26.0.13.9
Nextcloud ≫ Nextcloud Server (SwEdition: enterprise) Version >= 27.0.0 < 27.1.11.9
Nextcloud ≫ Nextcloud Server Version >= 28.0.0 < 28.0.9
Nextcloud ≫ Nextcloud Server (SwEdition: enterprise) Version >= 28.0.0 < 28.0.9
Nextcloud ≫ Nextcloud Server Version >= 29.0.0 < 29.0.5
Nextcloud ≫ Nextcloud Server (SwEdition: enterprise) Version >= 29.0.0 < 29.0.5
No CISA KEV or CERT.AT warning was found for this CVE.
Type | Source | Score | Percentile |
---|---|---|---|
EPSS | FIRST.org | 0.05% | 0.153 |
Source | Base Score | Exploit Score | Impact Score | Vector String |
---|---|---|---|---|
nvd@nist.gov | 4.3 | 2.8 | 1.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N |
security-advisories@github.com | 3 | 1.3 | 1.4 | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N |
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.