CVE-2024-30247

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2024-30247
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.

10.0 /10

CVSS v3 : CRITICAL

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope CHANGED

References
Link Resource
https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982
https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982
Configurations

No configuration.

History

21 Nov 2024, 09:11

Type Values Removed Values Added
Summary
  • (es) NextcloudPi es una imagen lista para usar para Máquinas Virtuales, Raspberry Pi, Odroid HC1, Rock64 y otras placas. Una vulnerabilidad de inyección de comandos en NextCloudPi permite la ejecución de comandos como usuario root a través del panel web de NextCloudPi. Debido a una mala configuración de seguridad, cualquier persona con acceso al panel web de NextCloudPi puede utilizarlo; no se requiere autenticación. Se recomienda actualizar NextCloudPi a 1.53.1.
References () https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982 - () https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982 -

29 Mar 2024, 16:15

Type Values Removed Values Added
New CVE
Information

Published : 2024-03-29 16:15

Updated : 2024-11-21 09:11

NVD link : CVE-2024-30247

Mitre link : CVE-2024-30247

CVE.ORG link : CVE-2024-30247

JSON object : View

Products Affected

No product.

CWE
CWE-78

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')


NetmanageIT Website NetmanageIT OSINT Web NetmanageIT OpenCTI NetmanageIT PDF Tools NetmanageIT CTO Corner Blog NetmanageIT Email Header Analyzer NetmanageIT Password Pusher NetmanageIT Internet Health and Latency Dashboard NetmanageIT Dedicated Speed Test Site NetmanageIT Ubuntu Mirror 10Gbps Copyright OpenCVE 2024