Unrated severity · NVD Advisory · Published Jun 14, 2024 · Updated Sep 3, 2024
Nextcloud Server's users can delete old versions of read-only shared files
CVE-2024-37884
Description
Nextcloud Server is a self-hosted personal cloud system. A malicious user was able to send delete requests for old versions of files that had been shared with them with read-only permissions. It is recommended that Nextcloud Server and Nextcloud Enterprise Server be upgraded to 26.0.12, 27.1.7 or 28.0.3.
Affected products
- Range: before 26.0.12, 27.1.7, 28.0.3
- nextcloud/security-advisories (v5), Range: >= 26.0.0, < 26.0.13
References
- github.com/nextcloud/security-advisories/security/advisories/GHSA-xwgx-f37p-xh8c (mitre, x_refsource_CONFIRM)
- github.com/nextcloud/server/pull/43727 (mitre, x_refsource_MISC)
- hackerone.com/reports/2290680 (mitre, x_refsource_MISC)