CVE-2024-52514

MEDIUM Year: 2024
CVSS v3 Score
4.1
Medium
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0.

Related Vulnerabilities

CVE-2020-26080

MEDIUM
CVSS:4.1(Medium)

A vulnerability in the user management functionality of Cisco IoT Field Network Director (FND) could allow an authenticated, remote attacker to manage user information for users in different domains o...

CWE-2842020

CVE-2020-8179

MEDIUM
CVSS:4.1(Medium)

Improper access control in Nextcloud Deck 1.0.0 allowed an attacker to inject tasks into other users decks.

CWE-2842020

CVE-2021-3967

MEDIUM
CVSS:4.1(Medium)

Improper Access Control in GitHub repository zulip/zulip prior to 4.10.

CWE-2842021

CVE-2024-30146

MEDIUM
CVSS:4.1(Medium)

Improper access control of endpoint in HCL Domino Leap allows certain admin users to import applications from the server's filesystem.

CWE-2842024

CVE-2024-30148

MEDIUM
CVSS:4.1(Medium)

Improper access control of endpoint in HCL Leap allows certain admin users to import applications from the server's filesystem.

CWE-2842024