Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

Published

2024-06-14T15:15:51.697

Last Modified

2024-11-21T09:23:35.537

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
CWE-862

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 25.0.7	Yes
Application	nextcloud	nextcloud_server	< 26.0.2	Yes

References

https://github.com/nextcloud/photos/pull/1749 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43 Vendor Advisory ([email protected])
https://hackerone.com/reports/1946298 Issue Tracking ([email protected])
https://github.com/nextcloud/photos/pull/1749 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1946298 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)