Unrated severityNVD Advisory· Published Jun 14, 2024· Updated Aug 2, 2024
Nextcloud server allows the by-pass the second factor
CVE-2024-37313
Description
Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.
Affected products
2- Range: before 26.0.13, 27.1.8, 28.0.4
- nextcloud/security-advisoriesv5Range: >= 26.0.0, < 26.0.13
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7cmitrex_refsource_CONFIRM
- github.com/nextcloud/server/pull/44276mitrex_refsource_MISC
- hackerone.com/reports/2419776mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.