Lucene search

CVE-2024-37315

🗓️ 14 Jun 2024 16:11:15Reported by GitHub_MType

Nextcloud Server vulnerability allows attacker to restore older document version

Reporter	Title	Published	Views	Family All 8
Vulnrichment	CVE-2024-37315 Nextcloud Server's read-only users can restore old versions	14 Jun 202415:08	–	vulnrichment
OSV	CVE-2024-37315	14 Jun 202416:15	–	osv
Hacker One	Nextcloud: Read-only users can restore old versions	1 Oct 202115:42	–	hackerone
NVD	CVE-2024-37315	14 Jun 202416:15	–	nvd
Cvelist	CVE-2024-37315 Nextcloud Server's read-only users can restore old versions	14 Jun 202415:08	–	cvelist
Nextcloud	Read-only users can restore old versions	14 Jun 202414:29	–	nextcloud
OpenVAS	Nextcloud Server < 23.0.12.16, 24.x < 24.0.12.12, 25.x < 25.0.13.16, 26.x < 26.0.12, 27.x < 27.1.7, 28.x < 28.0.3 Improper Access Control Vulnerability (GHSA-5mq8-738w-5942)	18 Jun 202400:00	–	openvas
Redos	ROS-20240627-06	27 Jun 202400:00	–	redos

Nvd

Vulners

Node

nextcloud nextcloud_serverRange23.0.0–23.0.12enterprise

nextcloud nextcloud_serverRange24.0.0–24.0.12enterprise

nextcloud nextcloud_serverRange25.0.0–25.0.13enterprise

nextcloud nextcloud_serverRange26.0.0–26.0.12-

nextcloud nextcloud_serverRange26.0.0–26.0.12enterprise

nextcloud nextcloud_serverRange27.0.0–27.1.7-

nextcloud nextcloud_serverRange27.0.0–27.1.7enterprise

nextcloud nextcloud_serverRange28.0.0–28.0.3-

nextcloud nextcloud_serverRange28.0.0–28.0.3enterprise

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 26.0.0, < 26.0.12",
        "status": "affected"
      },
      {
        "version": ">= 27.0.0, < 27.1.7",
        "status": "affected"
      },
      {
        "version": ">= 28.0.0, < 28.0.3",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nextcloud/server/pull/43727
hackerone	www.hackerone.com/reports/1356508
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

14 Jun 2024 16:15Current

3.8Low risk

Vulners AI Score3.8

CVSS33.5 - 4.3

EPSS0.00052

SSVC

CWE-284