Unauthorized Access Vulnerability in Nextcloud Server Affects User Sessions
CVE-2024-52518

5.4MEDIUM

Key Information:

Vendor

Nextcloud

Vendor
CVE Published:
15 November 2024

What is CVE-2024-52518?

Nextcloud Server, a self-hosted personal cloud solution, is vulnerable to unauthorized modifications if an attacker gains access to an active user or administrator session. This security flaw allows the attacker to create, alter, or delete external storage options without needing to input the user’s credentials. It is critical for administrators to upgrade to the latest versions—28.0.12, 29.0.9, or 30.0.2—to mitigate this vulnerability and secure sensitive data. For detailed information, refer to the available advisories.

References

CVSS V3.1

Score:
5.4
Severity:
MEDIUM
Confidentiality:
None
Integrity:
Low
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

.