Unprotected File Retrieval Vulnerability in Nextcloud Server
CVE-2024-52513

Currently unrated

Key Information:

Vendor: Nextcloud
Status: Nextcloud Server
Vendor: CVE Published:; 15 November 2024

What is CVE-2024-52513?

A vulnerability exists in Nextcloud Server that permits unauthorized users to download attachments referenced in text files via 'Files drop' or 'Password protected' share links. This security flaw allows malicious individuals to bypass access controls, compromising the confidentiality of shared files. Users are strongly advised to upgrade their Nextcloud Server to the latest versions to mitigate this risk.

References

https://github.com/nextcloud/security-advisories/security...

https://github.com/nextcloud/text/pull/6485

https://github.com/nextcloud/text/commit/ca24b25c93b81626...

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 15, 2024