Multiple vulnerabilities in Nextcloud Server and Enterprise Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2024-52519 CVE-2024-52520 |
| CWE-ID | CWE-922 CWE-400 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Nextcloud Server Client/Desktop applications / Messaging software Nextcloud Enterprise Server Client/Desktop applications / Messaging software |
| Vendor | Nextcloud |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Insecure Storage of Sensitive Information
EUVDB-ID: #VU103058
Risk: Low
CVSSv4.0: 0.1 [CVSS:4.0/AV:L/AC:L/AT:P/PR:H/UI:A/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-52519
CWE-ID:
CWE-922 - Insecure Storage of Sensitive Information
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to the OAuth2 client secrets are stored in a recoverable way. An administrator with physical access can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 28.0.0 - 29.0.6
Nextcloud Enterprise Server: 27.0.0 - 29.0.6
CPE2.3- cpe:2.3:a:nextcloud:nextcloud_server:28.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:28.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:28.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_enterprise_server:27.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_enterprise_server:27.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_enterprise_server:27.0.2:*:*:*:*:*:*:*
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fvpc-8hq6-jgq2
https://github.com/nextcloud/server/pull/47635
https://github.com/nextcloud/server/commit/09b8aea8f6783514bffe00df6abbf9fa542faac5
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Resource exhaustion
EUVDB-ID: #VU103060
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:A/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-52520
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of internal resources. A remote user can trick a link reference provider into downloading bigger websites than intended, trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 28.0.0 - 29.0.6
Nextcloud Enterprise Server: 27.0.0 - 29.0.6
CPE2.3- cpe:2.3:a:nextcloud:nextcloud_server:28.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:28.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_server:28.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_enterprise_server:27.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_enterprise_server:27.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:nextcloud:nextcloud_enterprise_server:27.0.2:*:*:*:*:*:*:*
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxqf-cfxw-mqmj
https://github.com/nextcloud/server/pull/47627
https://github.com/nextcloud/server/commit/873c42b0f1383d5b6f2b7a481e1d9620ed30f44a
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote authenticated user via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
