Unrated severityNVD Advisory· Published Jun 14, 2024· Updated Aug 2, 2024
Nextcloud Photos' shared albums have no restriction on photo removal
CVE-2024-37314
Description
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
Affected products
3- nextcloud/security-advisoriesv5Range: >= 25.0.1, < 25.0.7
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/photos/pull/1749mitrex_refsource_MISC
- github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43mitrex_refsource_CONFIRM
- hackerone.com/reports/1946298mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.