Unauthorized Access Vulnerability in Nextcloud Server Affects User Sessions
CVE-2024-52518
5.4MEDIUM
What is CVE-2024-52518?
Nextcloud Server, a self-hosted personal cloud solution, is vulnerable to unauthorized modifications if an attacker gains access to an active user or administrator session. This security flaw allows the attacker to create, alter, or delete external storage options without needing to input the user’s credentials. It is critical for administrators to upgrade to the latest versions—28.0.12, 29.0.9, or 30.0.2—to mitigate this vulnerability and secure sensitive data. For detailed information, refer to the available advisories.