Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52510

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.

Published

2024-11-15T18:15:29.497

Last Modified

2025-08-28T14:21:08.737

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 4.2 (MEDIUM)

Weaknesses

Type: Primary
CWE-295

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	desktop	< 3.14.2	Yes

References

https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7 Patch ([email protected])
https://github.com/nextcloud/desktop/pull/7333 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v Third Party Advisory ([email protected])
https://hackerone.com/reports/2597504 Issue Tracking ([email protected])