Vulnerabilities > CVE-2024-37887 - Unspecified vulnerability in Nextcloud Server
Attack vector
NETWORK Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
Vulnerable Configurations
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595
- https://github.com/nextcloud/server/pull/45309
- https://github.com/nextcloud/server/pull/45309
- https://hackerone.com/reports/2479325
- https://hackerone.com/reports/2479325