File Attachment Issue in Nextcloud Mail
CVE-2024-52509

Currently unrated

Key Information:

Vendor: Nextcloud
Status: Nextcloud Mail
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-52509?

The Nextcloud Mail app, part of the self-hosted Nextcloud platform, has a security flaw that permits users to attach shared files without the necessary download permissions. This vulnerability could enable users to send files to themselves, bypassing intended restrictions, and subsequently download those files through their email clients. It is essential to upgrade to the latest versions—2.2.10, 3.6.2, or 3.7.2—to mitigate this risk.

References

https://github.com/nextcloud/security-advisories/security...

https://github.com/nextcloud/mail/pull/9592

https://github.com/nextcloud/mail/commit/8d44f1ce44684022...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024