How severe is CVE-2024-52523?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 4.6 out of 10.

What type of vulnerability is CVE-2024-52523?

This is classified as CWE-200, which is a common weakness in software security.

CVE-2024-52523 - MEDIUM Severity | CVSS 4.6

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. After setting up a user or administrator defined external storage with fixed credentials, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2 and Nextcloud Enterprise Server is upgraded to 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9 or 30.0.2.

Related Vulnerabilities

CVE-2015-7846

MEDIUM

CVSS:4.6(Medium)

Huawei S7700, S9700, S9300 before V200R07C00SPC500, and AR200, AR1200, AR2200, AR3200 before V200R005C20SPC200 allows attackers with physical access to the CF card to obtain sensitive information.

CWE-2002015

CVE-2015-7946

MEDIUM

CVSS:4.6(Medium)

Information Exposure vulnerability in Unity8 as used on the Ubuntu phone and possibly also in Unity8 shipped elsewhere. This allows an attacker to enable the MTP service by opening the emergency diale...

CWE-2002015

CVE-2016-3145

MEDIUM

CVSS:4.6(Medium)

Lexmark printers with firmware ATL before ATL.021.063, CB before CB.021.063, PP before PP.021.063, and YK before YK.021.063 mishandle Erase Printer Memory and Erase Hard Disk actions, which allows phy...

CWE-2002016

CVE-2016-4595

MEDIUM

CVSS:4.6(Medium)

Safari Login AutoFill in Apple OS X before 10.11.6 allows physically proximate attackers to discover passwords by reading the screen during the login procedure.

CWE-2002016

CVE-2016-7060

MEDIUM

CVSS:4.6(Medium)

The web interface in Red Hat QuickStart Cloud Installer (QCI) 1.0 does not mask passwords fields, which allows physically proximate attackers to obtain sensitive password information by reading the di...

CWE-2002016

CVE-2016-7634

MEDIUM

CVSS:4.6(Medium)

An issue was discovered in certain Apple products. iOS before 10.2 is affected. The issue involves the "Accessibility" component, which accepts spoken passwords without considering that they are local...

CWE-2002016