Nextcloud Server Vulnerability due to Pre-flighted HEAD Request
CVE-2024-52520
Currently unrated
What is CVE-2024-52520?
The Nextcloud Server is a self-hosted personal cloud system that is vulnerable due to a flaw in handling pre-flighted HEAD requests. An attacker could exploit this vulnerability to induce the link reference provider into inadvertently downloading larger websites than anticipated, primarily to extract open-graph data. It is crucial for users to upgrade to the recommended versions to mitigate this risk.