Lucene search

[email protected]CVE-2024-37314

HistoryJun 14, 2024 - 3:15 p.m.

CVE-2024-37314

2024-06-1415:15:51

CWE-284

[email protected]

web.nvd.nist.gov

nextcloud server

nextcloud enterprise server

photo management

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

Affected configurations

Vulners

Node

nextcloudnextcloudRange25.0.1–25.0.7

nextcloudnextcloudRange26.0.0–26.0.2

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 25.0.1, < 25.0.7",
        "status": "affected"
      },
      {
        "version": ">= 26.0.0, < 26.0.2",
        "status": "affected"
      }
    ]
  }
]

References

github.com/nextcloud/photos/pull/1749

github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43

hackerone.com/reports/1946298

3.5 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L

6.9 Medium

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

15.5%

JSON

Related for CVE-2024-37314

cvelist1 nextcloud1 nvd1