CVE-2024-52519
LOWDescription
Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
| nextcloud | nextcloud_server |
References
Frequently Asked Questions
What is CVE-2024-52519? +
How severe is CVE-2024-52519? +
What products are affected by CVE-2024-52519? +
How do I check if I'm vulnerable to CVE-2024-52519? +
Related Vulnerabilities
Insecure information storage vulnerability in NTFS Tools version 3.5.1. Exploitation of this vulnerability could allow an attacker to know the …
The vulnerability allows a malicious low-privileged PAM user to access information about other PAM users and their group memberships.
Insecure Storage of Sensitive Information vulnerability in Calix GigaCenter ONT (Quantenna SoC modules) allows admin access to the web interface.This …
Insecure Storage of Sensitive Information vulnerability in MeetMe on iOS, Android allows Retrieve Embedded Sensitive Data. This issue affects MeetMe: …
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Prior to version 26.0.0, an attack chain utilizing Stored …
The TNC Toolbox: Web Performance plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and …