{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52514", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-11T18:49:23.558Z", "datePublished": "2024-11-15T17:06:03.628Z", "dateUpdated": "2024-11-15T17:33:13.755Z"}, "containers": {"cna": {"title": "Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj"}, {"name": "https://github.com/nextcloud/server/pull/44889", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/pull/44889"}, {"name": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8"}, {"name": "https://hackerone.com/reports/2447316", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/2447316"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 28.0.0, < 28.0.5", "status": "affected"}, {"version": ">= 27.0.0, < 27.1.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-15T17:06:03.628Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0."}], "source": {"advisory": "GHSA-g8pr-g25r-58xj", "discovery": "UNKNOWN"}}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-11-15T17:32:51.437757Z", "id": "CVE-2024-52514", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:33:13.755Z"}}]}}

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2024-52514", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "state": "PUBLISHED", "assignerShortName": "GitHub_M", "dateReserved": "2024-11-11T18:49:23.558Z", "datePublished": "2024-11-15T17:06:03.628Z", "dateUpdated": "2024-11-15T17:33:13.755Z"}, "containers": {"cna": {"title": "Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control", "problemTypes": [{"descriptions": [{"cweId": "CWE-284", "lang": "en", "description": "CWE-284: Improper Access Control", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}}], "references": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj", "tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj"}, {"name": "https://github.com/nextcloud/server/pull/44889", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/pull/44889"}, {"name": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8", "tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8"}, {"name": "https://hackerone.com/reports/2447316", "tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/2447316"}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": ">= 28.0.0, < 28.0.5", "status": "affected"}, {"version": ">= 27.0.0, < 27.1.9", "status": "affected"}]}], "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2024-11-15T17:06:03.628Z"}, "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0."}], "source": {"advisory": "GHSA-g8pr-g25r-58xj", "discovery": "UNKNOWN"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2024-52514", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-11-15T17:32:51.437757Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-11-15T17:32:55.970Z"}}]}}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0."}, {"lang": "es", "value": "Nextcloud Server es un sistema de nube personal alojado por uno mismo. Despu\u00e9s de que un usuario reciba un recurso compartido con algunos archivos dentro que est\u00e1n bloqueados por el control de acceso a archivos, el usuario a\u00fan podr\u00e1 copiar la carpeta intermedia dentro de Nextcloud, lo que le permitir\u00e1 acceder potencialmente a los archivos bloqueados despu\u00e9s, seg\u00fan las reglas de control de acceso del usuario. Se recomienda que Nextcloud Server se actualice a 27.1.9, 28.0.5 o 29.0.0 y que Nextcloud Enterprise Server se actualice a 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 o 29.0.0."}], "id": "CVE-2024-52514", "lastModified": "2024-11-18T17:11:56.587", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2024-11-15T18:15:30.370", "references": [{"source": "security-advisories@github.com", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g8pr-g25r-58xj"}, {"source": "security-advisories@github.com", "url": "https://github.com/nextcloud/server/commit/5fffbcfe8650eab75b00e8d188fbc95b0e43f3a8"}, {"source": "security-advisories@github.com", "url": "https://github.com/nextcloud/server/pull/44889"}, {"source": "security-advisories@github.com", "url": "https://hackerone.com/reports/2447316"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-284"}], "source": "security-advisories@github.com", "type": "Primary"}]}

{}