CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them

🗓️ 15 Nov 2024 16:55:18Reported by GitHub_MType

Nextcloud Server shares not unshared when user is removed from grou

Reporter	Title	Published	Views	Family All 49
BDU FSTEC	The vulnerability of cloud software for creating and using Nextcloud Server and Nextcloud Enterprise Server lies in the insecure management of privileges, which allows attackers to disclose protected information.	6 Dec 202400:00	–	bdu_fstec
Circl	CVE-2024-52516	15 Nov 202419:07	–	circl
CNNVD	Nextcloud 安全漏洞	15 Nov 202400:00	–	cnnvd
CVE	CVE-2024-52516	15 Nov 202416:55	–	cve
EUVD	EUVD-2024-45930	3 Oct 202520:07	–	euvd
Nextcloud	Shares are not removed when user is limited to share with in their groups and being removed from one of them	15 Nov 202413:16	–	nextcloud
NVD	CVE-2024-52516	15 Nov 202417:15	–	nvd
OpenVAS	Nextcloud Server 28.x < 28.0.9, 29.x < 29.0.5 Access Control Vulnerability	21 Nov 202400:00	–	openvas
OSV	CVE-2024-52516 Nextcloud Server's shares are not removed when user is limited to share with in their groups and being removed from one of them	15 Nov 202416:55	–	osv
Positive Technologies	PT-2023-27175 · Nextcloud +1 · Nextcloud Server +1	10 Aug 202300:00	–	ptsecurity

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": ">= 28.0.0, < 28.0.9",
        "status": "affected"
      },
      {
        "version": ">= 29.0.0, < 29.0.5",
        "status": "affected"
      }
    ]
  }
]

Source	Link
github	www.github.com/nextcloud/server/commit/142b6e313ffa9d3b950bcd23cb58850d3ae7cf34
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-35gc-jc6x-29cm
github	www.github.com/nextcloud/server/pull/47180

15 Nov 2024 16:55Current

CVSS 3.13

EPSS0.00419

CWE-269