admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-06-19 17:31:42 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2024/CVE-2024-525xx/CVE-2024-52514.json
cad-safe-bot e6cbafdc40 Auto-Update: 2024-12-08T03:00:18.988682+00:00
2024-12-08 03:06:42 +00:00

72 lines
3.0 KiB
JSON
Raw Blame History

{
"id": "CVE-2024-52514",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-11-15T18:15:30.370",
"lastModified": "2024-11-18T17:11:56.587",
"vulnStatus": "Awaiting Analysis",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0."
},
{
"lang": "es",
"value": "Nextcloud Server es un sistema de nube personal alojado por uno mismo. Despu\u00e9s de que un usuario reciba un recurso compartido con algunos archivos dentro que est\u00e1n bloqueados por el control de acceso a archivos, el usuario a\u00fan podr\u00e1 copiar la carpeta intermedia dentro de Nextcloud, lo que le permitir\u00e1 acceder potencialmente a los archivos bloqueados despu\u00e9s, seg\u00fan las reglas de control de acceso del usuario. Se recomienda que Nextcloud Server se actualice a 27.1.9, 28.0.5 o 29.0.0 y que Nextcloud Enterprise Server se actualice a 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 o 29.0.0."
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.3,
"impactScore": 1.4
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-284"
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8",
"source": "security-advisories@github.com"
},
{
"url": "https://github.com/nextcloud/server/pull/44889",
"source": "security-advisories@github.com"
},
{
"url": "https://hackerone.com/reports/2447316",
"source": "security-advisories@github.com"
}
]
}
Reference in New Issue View Git Blame Copy Permalink