Vulnerabilities > CVE-2024-52518 - Incorrect Authorization vulnerability in Nextcloud Server

CVSS 5.4 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

NONE

Integrity impact

LOW

Availability impact

LOW

network

low complexity

nextcloud

CWE-863

NVD

Published: 2024-11-15

Updated: 2025-01-23

Summary

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud Nextcloud Server *	1

Common Weakness Enumeration (CWE)

CWE-863 - Incorrect Authorization

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg
https://github.com/nextcloud/server/pull/48373
https://github.com/nextcloud/server/pull/48788
https://github.com/nextcloud/server/pull/48992
https://hackerone.com/reports/2602973