CVE-2024-52525

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage Redis or disk, but it would allow a malicious process that gains access to t...

CVE-2024-52525

CVE-2024-52525 – Nextcloud Server : The vulnerability concerns how the server handles user passwords in memory. Under certain conditions, a user password could be stored unencrypted in the PHP process memory; although session data is encrypted when stored in Redis or disk, a malicious process wit...

PT-2024-9153 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 30.0.2 Description: The issue concerns the storage of user passwords in unencrypted form in session data under certain...

PT-2024-9164 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.12 Nextcloud Server versions prior to 29.0.9 Nextcloud Server versions prior to 30.0.2 Description: The issue is related to insufficient authentication procedure in Nextcloud Server, allowing an attacke...