CVE-2024-37882 HIGH

CVE-2024-37882: Nextcloud Server can reshare read&share only folder with more permissions

Vendor Nextcloud

Product security-advisories

Weakness CWE-284

Published June 14, 2024

Last update August 2, 2024

View on NVD All CVEs

CVSS base score

8.1/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality None

Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

What the vulnerability does

01Description

Nextcloud Server is a self hosted personal cloud system. A recipient of a share with read&share permissions could reshare the item with more permissions. It is recommended that the Nextcloud Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4 and that the Nextcloud Enterprise Server is upgraded to 26.0.13 or 27.1.8 or 28.0.4.

Key dates

02Disclosure timeline

June 14, 2024 CVE published

August 2, 2024 Record updated

External resources

03References

NVD — National Vulnerability Database https://nvd.nist.gov/vuln/detail/CVE-2024-37882 CWE — Common Weakness Enumeration https://cwe.mitre.org/data/definitions/284.html

Related vulnerabilities

Identifiers

CVE CVE-2024-37882

CWE CWE-284

CVSS 8.1 / HIGH

Affected versions

Vendor Nextcloud

Product security-advisories

Affected >= 26.0.0, < 26.0.13

Vendor Nextcloud

Product security-advisories

Affected >= 27.0.0, < 27.1.8

Vendor Nextcloud

Product security-advisories

Affected >= 28.0.0, < 28.0.4

CVE-2024-37882: Nextcloud Server can reshare read&share only folder with more permissions

01Description

02Disclosure timeline

03References

04Related CVE