CVE-2024-37314

Summary

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 25.0.1, < 25.0.7affected
nextcloudsecurity-advisories>= 26.0.0, < 26.0.2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References