Vulnerabilities > CVE-2024-22404 - Unspecified vulnerability in Nextcloud Zipper
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
References
- https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820
- https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq
- https://hackerone.com/reports/2247457
- https://hackerone.com/reports/2247457