Unrated severityNVD Advisory· Published Jan 18, 2024· Updated Jun 2, 2025
Permissions bypass in Nextcloud with the files zip app
CVE-2024-22404
Description
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
2- nextcloud/security-advisoriesv5Range: >= 1.2.0, < 1.2.1
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fqmitrex_refsource_CONFIRM
- hackerone.com/reports/2247457mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.