CVE-2024-52518

Sažetak

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg
https://github.com/nextcloud/server/pull/48373
https://github.com/nextcloud/server/pull/48788
https://github.com/nextcloud/server/pull/48992
https://hackerone.com/reports/2602973

CVSS

Base:	4.4
Impact:	3.6
Exploitability:	0.7

Pristup

Vektor	Složenost	Autentikacija
NETWORK	HIGH	HIGH

Impact

Povjerljivost	Cjelovitost	Dostupnost
HIGH	NONE	NONE

CVSS vektor

CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

Zadnje važnije ažuriranje

18-11-2024 - 17:11

Objavljeno

15-11-2024 - 17:15