CVE-2024-52520
published 2024-11-15

Priority: P333
Severity: medium (6.5, CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS: 0.78% (51.3th percentile)
Nextcloud Server is a self-hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended in order to find open-graph data. It is recommended that Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and that Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.

Affected

5 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | >= 27.0.0 < 27.1.11.8 | 27.1.11.8 |
| nextcloud | nextcloud_server | >= 28.0.0 < 28.0.10 | 28.0.10 |
| nextcloud | nextcloud_server | >= 29.0.0 < 29.0.7 | 29.0.7 |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |