PT-2024-27472 · Nextcloud+1 · Nextcloud Photos+3

Juliusknorr

Published

2024-06-14

Updated

2025-01-24

CVE-2024-37314

CVSS v3.1

3.5

Low

Vector

AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

Name of the Vulnerable Software and Affected Versions Nextcloud Server versions prior to 25.0.7 and prior to 26.0.2 Nextcloud Enterprise Server versions prior to 25.0.7 and prior to 26.0.2

Description Nextcloud Photos is a photo management app where users can remove photos from the album of registered users.

Recommendations For Nextcloud Server versions prior to 25.0.7, upgrade to 25.0.7 or later. For Nextcloud Server versions prior to 26.0.2, upgrade to 26.0.2 or later. For Nextcloud Enterprise Server versions prior to 25.0.7, upgrade to 25.0.7 or later. For Nextcloud Enterprise Server versions prior to 26.0.2, upgrade to 26.0.2 or later.

Exploit

Fix

Improper Access Control

Missing Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-284CWE-862

Related Identifiers

ALT-PU-2025-1855

CVE-2024-37314

GHSA-9CHH-5PRM-WP43

Affected Products

Alt Linux

Nextcloud Enterprise Server

Nextcloud Photos

Nextcloud Server

PT-2024-27472 · Nextcloud+1 · Nextcloud Photos+3

CVE-2024-37314

Weakness Enumeration

Related Identifiers

Affected Products

References · 9