CVE-2024-37887

Summary

Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>= 27.0.0, < 27.1.10affected
nextcloudsecurity-advisories>= 27.0.0, < 28.0.6affected
nextcloudsecurity-advisories>= 27.0.0, < 29.0.1affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References