8.2
CVE-2024-52519
- EPSS 0.16%
- Published 15.11.2024 17:15:21
- Last modified 23.01.2025 15:05:17
- Source security-advisories@github.com
- Teams watchlist Login
- Open Login
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
Data is provided by the National Vulnerability Database (NVD)
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 27.0.0 < 27.1.11.8
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 28.0.0 < 28.0.10
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 28.0.0 < 28.0.10
Nextcloud ≫ Nextcloud Server SwEdition- Version >= 29.0.0 < 29.0.7
Nextcloud ≫ Nextcloud Server SwEditionenterprise Version >= 29.0.0 < 29.0.7
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.16% | 0.372 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 8.2 | 3.9 | 4.2 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N
|
| security-advisories@github.com | 2.7 | 0.1 | 2.5 |
CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
|
CWE-922 Insecure Storage of Sensitive Information
The product stores sensitive information without properly limiting read or write access by unauthorized actors.