VYPR
Unrated severityNVD Advisory· Published Nov 15, 2024· Updated Nov 15, 2024

Nextcloud Mail app does not respect download permissions in shares

CVE-2024-52509

Description

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Range: before 2.2.10, 3.6.2, 3.7.2
  • nextcloud/security-advisoriesv5
    Range: >=2.2.0, < 2.2.10

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.