CVE - CVE-2024-52513

CVE-ID
CVE-2024-52513	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Nextcloud Server is a self hosted personal cloud system. After receiving a "Files drop" or "Password protected" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj URL:https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj MISC:https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548 URL:https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548 MISC:https://github.com/nextcloud/text/pull/6485 URL:https://github.com/nextcloud/text/pull/6485 MISC:https://hackerone.com/reports/2376900 URL:https://hackerone.com/reports/2376900
Assigning CNA
GitHub (maintainer security advisories)
Date Record Created
20241111	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20241111)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)