Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37315

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3.

Published

2024-06-14T16:15:11.473

Last Modified

2024-11-21T09:23:35.690

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	≤ 23.0.12	Yes
Application	nextcloud	nextcloud_server	≤ 24.0.12	Yes
Application	nextcloud	nextcloud_server	< 25.0.13	Yes
Application	nextcloud	nextcloud_server	< 26.0.12	Yes
Application	nextcloud	nextcloud_server	< 26.0.12	Yes
Application	nextcloud	nextcloud_server	< 27.1.7	Yes
Application	nextcloud	nextcloud_server	< 27.1.7	Yes
Application	nextcloud	nextcloud_server	< 28.0.3	Yes
Application	nextcloud	nextcloud_server	< 28.0.3	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942 Vendor Advisory ([email protected])
https://github.com/nextcloud/server/pull/43727 Patch ([email protected])
https://hackerone.com/reports/1356508 Issue Tracking ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/43727 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1356508 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)