Main Vulnerability Database Vulnerabilities #VU103055

#VU103055 Improper privilege management in Nextcloud Server and Nextcloud Enterprise Server - CVE-2024-52516

Published: January 20, 2025

Vulnerability identifier: #VU103055

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-52516

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Nextcloud Server
Nextcloud Enterprise Server

Software vendor:
Nextcloud

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to shares are not removed when user is limited to share with in their groups and being removed from one of them. A remote user can gain access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm
https://github.com/nextcloud/server/pull/47180
https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34

#VU103055 Improper privilege management in Nextcloud Server and Nextcloud Enterprise Server - CVE-2024-52516

Description

Remediation

External links

Please verify you're human