CVE-2024-37884

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jun 14, 2024
Updated: Aug 8, 2024
CWE ID 284

Summary

CVE-2024-37884: A vulnerability in Nextcloud Server allows unauthorized users with read permissions to send delete requests for old versions of files. This issue affects self-hosted personal cloud systems and poses a risk for data loss. To mitigate this vulnerability, Nextcloud Server users should upgrade to version 26.0.12, 27.1.7, or 28.0.3, while Nextcloud Enterprise Server users should upgrade to the same versions.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share

Affected Products

  • Nextcloud Server

Affected Vendors

  • Nextcloud GmbH