CVE-2024-52518

MEDIUM Year: 2024
CVSS v3 Score
5.4
Medium
Weakness Type
CWE-287
View all →

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Related Vulnerabilities

CVE-2017-3795

MEDIUM
CVSS:5.4(Medium)

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Kn...

CWE-2872017

CVE-2017-6617

MEDIUM
CVSS:5.4(Medium)

A vulnerability in the session identification management functionality of the web-based GUI of Cisco Integrated Management Controller (IMC) 3.0(1c) could allow an unauthenticated, remote attacker to h...

CWE-2872017

CVE-2018-1999045

MEDIUM
CVSS:5.4(Medium)

A improper authentication vulnerability exists in Jenkins 2.137 and earlier, 2.121.2 and earlier in SecurityRealm.java, TokenBasedRememberMeServices2.java that allows attackers with a valid cookie to ...

CWE-2872018

CVE-2019-15617

MEDIUM
CVSS:5.4(Medium)

A missing check in Nextcloud Server 17.0.0 allowed an attacker to set up a new second factor when trying to login.

CWE-2872019

CVE-2020-12848

MEDIUM
CVSS:5.4(Medium)

In Pydio Cells 2.0.4, once an authenticated user shares a file selecting the create a public link option, a hidden shared user account is created in the backend with a random username. An anonymous us...

CWE-2872020

CVE-2021-20578

MEDIUM
CVSS:5.4(Medium)

IBM Cloud Pak for Security (CP4S) 1.7.0.0, 1.7.1.0, 1.7.2.0, and 1.8.0.0 could allow an attacker to perform unauthorized actions due to improper or missing authentication controls. IBM X-Force ID: 199...

CWE-2872021