Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-22401

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.

Published

2024-01-18T21:15:08.343

Last Modified

2024-11-21T08:56:12.540

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.1 (MEDIUM)

Weaknesses

Type: Primary
CWE-281

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	guests	< 2.4.1	Yes
Application	nextcloud	guests	2.5.0	Yes
Application	nextcloud	guests	3.0.0	Yes

References

https://github.com/nextcloud/guests/pull/1082 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh Vendor Advisory ([email protected])
https://hackerone.com/reports/2250398 Permissions Required, Third Party Advisory ([email protected])
https://github.com/nextcloud/guests/pull/1082 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2250398 Permissions Required, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)