Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52516

Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.

Published

2024-11-15T17:15:21.070

Last Modified

2025-01-06T20:51:23.237

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 3.0 (LOW)

Weaknesses

Type: Secondary
CWE-269
Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 26.0.13.9	Yes
Application	nextcloud	nextcloud_server	< 27.1.11.9	Yes
Application	nextcloud	nextcloud_server	< 28.0.9	Yes
Application	nextcloud	nextcloud_server	< 28.0.9	Yes
Application	nextcloud	nextcloud_server	< 29.0.5	Yes
Application	nextcloud	nextcloud_server	< 29.0.5	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm Vendor Advisory ([email protected])
https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34 Patch ([email protected])
https://github.com/nextcloud/server/pull/47180 Issue Tracking ([email protected])