CVE-2024-37315
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
14/06/2024
Last modified:
08/08/2024
Description
Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3.
Impact
Base Score 3.x
4.30
Severity 3.x
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 23.0.0 (including) | 23.0.12 (including) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 24.0.0 (including) | 24.0.12 (including) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 25.0.0 (including) | 25.0.13 (excluding) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* | 26.0.0 (including) | 26.0.12 (excluding) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 26.0.0 (including) | 26.0.12 (excluding) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* | 27.0.0 (including) | 27.1.7 (excluding) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 27.0.0 (including) | 27.1.7 (excluding) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* | 28.0.0 (including) | 28.0.3 (excluding) |
| cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* | 28.0.0 (including) | 28.0.3 (excluding) |
To consult the complete list of CPE names with products and versions, see this page