CVE-2024-52509

Summary

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories>=2.2.0, < 2.2.10affected
nextcloudsecurity-advisories>= 3.6.0, < 3.6.2affected
nextcloudsecurity-advisories>= 3.7.0, < 3.7.2affected

Weaknesses

  • CWE-284: CWE-284: Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References