CVE-2024-37314
3.5
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L
Summary
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nextcloud | security-advisories | >= 25.0.1, < 25.0.7 | affected |
| nextcloud | security-advisories | >= 26.0.0, < 26.0.2 | affected |
Weaknesses
- CWE-284: CWE-284: Improper Access Control
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
CVE Program Container
Additional References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
- https://github.com/nextcloud/photos/pull/1749
- https://hackerone.com/reports/1946298
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
- https://github.com/nextcloud/photos/pull/1749
- https://hackerone.com/reports/1946298
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.