Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-37887

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.

Published

2024-06-14T16:15:14.237

Last Modified

2024-11-21T09:24:28.407

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.5 (LOW)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 27.1.10	Yes
Application	nextcloud	nextcloud_server	< 27.1.10	Yes
Application	nextcloud	nextcloud_server	≤ 28.0.6	Yes
Application	nextcloud	nextcloud_server	< 28.0.6	Yes
Application	nextcloud	nextcloud_server	29.0.0	Yes
Application	nextcloud	nextcloud_server	29.0.0	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595 Vendor Advisory ([email protected])
https://github.com/nextcloud/server/pull/45309 Patch ([email protected])
https://hackerone.com/reports/2479325 Issue Tracking ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/server/pull/45309 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/2479325 Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)