OAuth2 Client Secret Vulnerability in Nextcloud Server
CVE-2024-52519

8.2 HIGH

Key Information:

Vendor: Nextcloud
CVE Published: 15 November 2024

What is CVE-2024-52519?

Nextcloud Server, a self-hosted cloud solution, did not adequately protect OAuth2 client secrets. The secrets were stored in a form that made them retrievable, so an unauthorized actor who gains access to an affected instance's database backups and configuration files could recover them. To mitigate this risk, upgrade to the latest secure versions: Nextcloud Server 28.0.10 or 29.0.7, or Nextcloud Enterprise Server 27.1.11.8, 28.0.10, or 29.0.7. Security best practices must be followed to protect sensitive information.


CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published