PT-2024-35349 · Nextcloud+1 · Nextcloud Desktop Client+1
D-Xuan
·
Published
2024-11-15
·
Updated
2025-08-28
·
CVE-2024-52510
CVSS v3.1
7.5
High
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Desktop Client versions prior to 3.14.2
Description
The issue concerns the Nextcloud Desktop Client, a tool used to synchronize files from Nextcloud Server with a computer. It was found that the Desktop client did not stop with an error and allowed bypassing the signature validation if a manipulated server sent an empty initial signature.
Recommendations
For versions prior to 3.14.2, upgrade to version 3.14.2 or later to resolve the issue.
Exploit
Fix
Improper Certificate Validation
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Debian
Nextcloud Desktop Client