Vulnerabilities > CVE-2024-37314 - Missing Authorization vulnerability in Nextcloud Server

CVSS 3.5 - LOW

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

LOW

network

low complexity

nextcloud

CWE-862

NVD

Published: 2024-06-14

Updated: 2024-08-16

Summary

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Nextcloud Server 26.0.0 Nextcloud Nextcloud Server 26.0.1 Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Server 25.0.2 Nextcloud Nextcloud Server 25.0.3 Nextcloud Nextcloud Server 25.0.4 Nextcloud Nextcloud Server 25.0.5 Nextcloud Nextcloud Server 25.0.6	16

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
https://github.com/nextcloud/photos/pull/1749
https://hackerone.com/reports/1946298