Vulnerabilities > CVE-2024-52517 - Unspecified vulnerability in Nextcloud Server

CVSS 5.9 - MEDIUM

Attack vector

NETWORK

Attack complexity

HIGH

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

network

high complexity

nextcloud

NVD

Published: 2024-11-15

Updated: 2025-01-06

Summary

Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Nextcloud Server 27.0.0 Nextcloud Nextcloud Server 27.1.0 Nextcloud Nextcloud Server 27.1.3 Nextcloud Nextcloud Server 26.0.0 Nextcloud Nextcloud Server 26.0.2 Nextcloud Nextcloud Server 26.0.3 Nextcloud Nextcloud Server 26.0.4 Nextcloud Nextcloud Server 26.0.6 Nextcloud Nextcloud Server 26.0.8 Nextcloud Nextcloud Server * Nextcloud Nextcloud Server 25.0.0 Nextcloud Nextcloud Server 25.0.2 Nextcloud Nextcloud Server 25.0.3 Nextcloud Nextcloud Server 25.0.4 Nextcloud Nextcloud Server 25.0.5 Nextcloud Nextcloud Server 25.0.6 Nextcloud Nextcloud Server 25.0.7 Nextcloud Nextcloud Server 25.0.8 Nextcloud Nextcloud Server 25.0.9 Nextcloud Nextcloud Server 25.0.11 Nextcloud Nextcloud Server 25.0.13 Nextcloud Nextcloud Server 28.0.0	30

Summary

Vulnerable Configurations

References