Nextcloud Server Update: Upgrade to Improve Security and Stability
CVE-2024-37887

3.5LOW

Key Information:

Vendor: Nextcloud
Status: Security-advisories
Vendor: CVE Published:; 14 June 2024

🔔 Create Nextcloud Vulnerability Alert

What is CVE-2024-37887?

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.

Affected Version(s)

security-advisories >= 27.0.0, < 27.1.10 < 27.0.0, 27.1.10

security-advisories >= 27.0.0, < 28.0.6 < 27.0.0, 28.0.6

security-advisories >= 27.0.0, < 29.0.1 < 27.0.0, 29.0.1

References

https://github.com/nextcloud/security-advisories/security...

x_refsource_CONFIRM

https://github.com/nextcloud/server/pull/45309

x_refsource_MISC

https://hackerone.com/reports/2479325

x_refsource_MISC

CVSS V3.1

Score:

3.5

Severity:

LOW

Confidentiality:

Low

Integrity:

None

Availability:

Low

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 14, 2024
Vulnerability Reserved
Jun 10, 2024

.