Main Vulnerability Database Vulnerabilities #VU103056

#VU103056 Information disclosure in Nextcloud Server and Nextcloud Enterprise Server - CVE-2024-52523

Published: January 20, 2025

Vulnerability identifier: #VU103056

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-52523

CWE-ID: CWE-200

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Nextcloud Server
Nextcloud Enterprise Server

Software vendor:
Nextcloud

Description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to custom defined credentials of external storages are sent back to the frontend. An administrator with physical access can gain unauthorized access to sensitive information on the system.

Remediation

Install updates from vendor's website.

External links

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-42w6-r45m-9w9j
https://github.com/nextcloud/server/pull/49009
https://github.com/nextcloud/server/commit/8a13f284765bd4606984e7d925c32ae6e82b8a27

#VU103056 Information disclosure in Nextcloud Server and Nextcloud Enterprise Server - CVE-2024-52523

Description

Remediation

External links

Please verify you're human