Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2024-52519

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.

Published

2024-11-15T17:15:21.843

Last Modified

2025-01-23T15:05:17.843

Status

Analyzed

Source

[email protected]

Severity

CVSSv3.1: 2.7 (LOW)

Weaknesses

Type: Primary
CWE-922

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	nextcloud_server	< 27.1.11.8	Yes
Application	nextcloud	nextcloud_server	< 28.0.10	Yes
Application	nextcloud	nextcloud_server	< 28.0.10	Yes
Application	nextcloud	nextcloud_server	< 29.0.7	Yes
Application	nextcloud	nextcloud_server	< 29.0.7	Yes

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fvpc-8hq6-jgq2 Vendor Advisory ([email protected])
https://github.com/nextcloud/server/commit/09b8aea8f6783514bffe00df6abbf9fa542faac5 Patch ([email protected])
https://github.com/nextcloud/server/pull/47635 Issue Tracking ([email protected])