Nextcloud Photos Security Update: Upgrade to 25.0.7 or 26.0.2
CVE-2024-37314

3.5LOW

Key Information:

Vendor: Nextcloud
Status: Security-advisories
Vendor: CVE Published:; 14 June 2024

What is CVE-2024-37314?

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

Affected Version(s)

security-advisories >= 25.0.1, < 25.0.7 < 25.0.1, 25.0.7

security-advisories >= 26.0.0, < 26.0.2 < 26.0.0, 26.0.2

References

https://github.com/nextcloud/security-advisories/security...

x_refsource_CONFIRM

https://github.com/nextcloud/photos/pull/1749

x_refsource_MISC

https://hackerone.com/reports/1946298

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 5, 2024