PT-2024-4382 · Nextcloud · Nextcloud Server
Senamaud · Published 2024-06-14 · Updated 2025-01-24 · CVE-2024-37884
CVSS v2.0: 4.0 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 26.0.12
Nextcloud Server versions prior to 27.1.7
Nextcloud Server versions prior to 28.0.3
Nextcloud Enterprise Server versions prior to 26.0.12
Nextcloud Enterprise Server versions prior to 27.1.7
Nextcloud Enterprise Server versions prior to 28.0.3
Description
The issue is inadequate access control in Nextcloud Server, a self-hosted personal cloud system. A malicious user with read permissions can send delete requests for old versions of files that were shared with them, potentially leading to a denial of service.
Recommendations
Upgrade Nextcloud Server to version 26.0.12, 27.1.7, or 28.0.3.
Upgrade Nextcloud Enterprise Server to version 26.0.12, 27.1.7, or 28.0.3.
Weakness Enumeration
Improper Access Control
Affected Products
Alt Linux
Nextcloud Enterprise Server
Nextcloud Server
Red Os