Main Vulnerability Database Vulnerabilities #VU103055

Improper privilege management in Nextcloud Server and Nextcloud Enterprise Server - CVE-2024-52516

Published: January 20, 2025

Vulnerability identifier: #VU103055

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:L/UI:A/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-52516

CWE-ID: CWE-269

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Nextcloud

Affected software:
Nextcloud Server
Nextcloud Enterprise Server

Detailed vulnerability description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to shares are not removed when user is limited to share with in their groups and being removed from one of them. A remote user can gain access to sensitive information on the system.

How to mitigate CVE-2024-52516

Install updates from vendor's website.

Sources

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm
https://github.com/nextcloud/server/pull/47180
https://github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34

Improper privilege management in Nextcloud Server and Nextcloud Enterprise Server - CVE-2024-52516

Detailed vulnerability description

How to mitigate CVE-2024-52516

Sources

Please verify you're human