4.3
CVE-2024-52516
- EPSS 0.05%
- Published 15.11.2024 17:15:21
- Last modified 06.01.2025 20:51:23
- Source security-advisories@github.com
- Teams watchlist Login
- Open Login
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.
Data is provided by the National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 26.0.0 < 26.0.13.9
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 27.0.0 < 27.1.11.9
Nextcloud ≫ Nextcloud Server Version >= 28.0.0 < 28.0.9
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 28.0.0 < 28.0.9
Nextcloud ≫ Nextcloud Server Version >= 29.0.0 < 29.0.5
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 29.0.0 < 29.0.5
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.05% | 0.153 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 3 | 1.3 | 1.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:N
|
CWE-269 Improper Privilege Management
The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.