Vulnerabilities > CVE-2024-22404 - Improper Preservation of Permissions vulnerability in Nextcloud Zipper

CVSS 4.3 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

LOW

Integrity impact

NONE

Availability impact

NONE

network

low complexity

nextcloud

CWE-281

NVD

Published: 2024-01-18

Updated: 2024-01-26

Summary

Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Zipper 1.4.0 Nextcloud Zipper 1.0.0 Nextcloud Zipper 1.0.1 Nextcloud Zipper 1.1.0 Nextcloud Zipper 1.1.1 Nextcloud Zipper 1.1.2 Nextcloud Zipper 1.2.0	7

Common Weakness Enumeration (CWE)

CWE-281 - Improper Preservation of Permissions

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References