admin/cve
1
0
Fork 0
mirror of https://github.com/0xMarcio/cve.git synced 2025-06-19 17:30:12 +00:00
Code Issues Packages Projects Releases Wiki Activity
cve/2024/CVE-2024-22402.md

18 lines
988 B
Markdown
Raw Normal View History

Update Sat May 25 21:48:12 CEST 2024
2024-05-25 21:48:12 +02:00
### [CVE-2024-22402](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22402)
![](https://img.shields.io/static/v1?label=Product&message=security-advisories&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3D%20%3E%3D%202.4.0%2C%20%3C%202.4.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-281%3A%20Improper%20Preservation%20of%20Permissions&color=brighgreen)
### Description
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.
### POC
#### Reference
No PoCs from references.
#### Github
- https://github.com/fkie-cad/nvd-json-data-feeds
Reference in New Issue Copy Permalink