CVE-2024-37884
CVSS 3.1 Score 5.4 of 10 (medium)
Details
Published Jun 14, 2024
Updated: Aug 8, 2024
CWE ID 284
Summary
CVE-2024-37884: A vulnerability in Nextcloud Server allows unauthorized users with read permissions to send delete requests for old versions of files. This issue affects self-hosted personal cloud systems and poses a risk for data loss. To mitigate this vulnerability, Nextcloud Server users should upgrade to version 26.0.12, 27.1.7, or 28.0.3, while Nextcloud Enterprise Server users should upgrade to the same versions.
Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.
Share
Affected Products
- Nextcloud Server
Affected Vendors
- Nextcloud GmbH