CVE-2024-52519

CVSS 3.1 Score 2.7 of 10 (low)

Details

Published Nov 15, 2024

CWE ID 922

Summary

CVE-2024-52519 is a vulnerability affecting Nextcloud Server, a self-hosted personal cloud system. The issue lies in the recovery of OAuth2 client secrets, which were stored in a decryptable format. If an attacker gains access to a backup of the database and the Nextcloud config file, they can decrypt these secrets, potentially leading to unauthorized access to user accounts. To mitigate this risk, Nextcloud Server users are advised to upgrade to version 28.0.10 or 29.0.7, while Nextcloud Enterprise Server users should update to versions 27.1.11.8, 28.0.10, or 29.0.7.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nextcloud Server

Affected Vendors

Nextcloud GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/0cEal0
https://www.cve.org/CVERecord?id=CVE-2024-52519
https://nvd.nist.gov/vuln/detail/CVE-2024-52519

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners