CVE-2024-37313

🗓️ 14 Jun 2024 15:51:15Reported by GitHub_MType

Nextcloud server bypasses 2F

Reporter	Title	Published	Views	Family All 7
NVD	CVE-2024-37313	14 Jun 202415:15	–	nvd
Cvelist	CVE-2024-37313 Nextcloud server allows the by-pass the second factor	14 Jun 202414:50	–	cvelist
Vulnrichment	CVE-2024-37313 Nextcloud server allows the by-pass the second factor	14 Jun 202414:50	–	vulnrichment
OpenVAS	Nextcloud Server < 21.0.9.17, 22.x < 22.2.10.22, 23.x < 23.0.12.17, 24.x < 24.0.12.14, 25.x < 25.0.13.8, 26.x < 26.0.13, 27.x < 27.1.8, 28.x < 28.0.4 Improper Authentication Vulnerability (GHSA-9v72-9xv5-3p7c)	18 Jun 202400:00	–	openvas
Nextcloud	Ability to by-pass second factor	14 Jun 202414:26	–	nextcloud
Hacker One	Nextcloud: Ability to by-pass second factor	17 Mar 202420:31	–	hackerone
Redos	ROS-20240627-06	27 Jun 202400:00	–	redos

Vulners

Vulnrichment

Node

nextcloud security_advisoriesRange26.0.0–26.0.13

nextcloud security_advisoriesRange27.0.0–27.1.8

nextcloud security_advisoriesRange28.0.0–28.0.4

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 26.0.0, < 26.0.13",
        "status": "affected"
      },
      {
        "version": ">= 27.0.0, < 27.1.8",
        "status": "affected"
      },
      {
        "version": ">= 28.0.0, < 28.0.4",
        "status": "affected"
      }
    ]
  }
]

Source	Link
hackerone	www.hackerone.com/reports/2419776
github	www.github.com/nextcloud/server/pull/44276
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jun 2024 15:15Current

7.1High risk

Vulners AI Score7.1

CVSS37.3

EPSS0.00045

SSVC

CWE-287