CVE-2024-52516

CWE-269Improper Privilege Management2 documents2 sources
Severity
4.3MEDIUM
EPSS
0.6%
top 31.25%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Nextcloud ServerNextcloud Security-advisories
Timeline
PublishedNov 15

Description

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:L/I:N/A:NExploitability: 1.3 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server26.0.026.0.13.9+3
CVEListV5nextcloud/security-advisories>= 28.0.0, < 28.0.9, >= 29.0.0, < 29.0.5+1

Patches

Patch: github.com

🔴Vulnerability Details

1
CVEList
Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them2024-11-15
CVE-2024-52516 (MEDIUM CVSS 4.3) | Nextcloud Server is a self hosted p | cvebase.io