CVE-2024-37314

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

16 Aug 2024, 19:43

Type Values Removed Values Added
References () https://github.com/nextcloud/photos/pull/1749 - () https://github.com/nextcloud/photos/pull/1749 - Patch
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43 - () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43 - Vendor Advisory
References () https://hackerone.com/reports/1946298 - () https://hackerone.com/reports/1946298 - Issue Tracking
CPE cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
CWE CWE-862
First Time Nextcloud nextcloud Server
Nextcloud

17 Jun 2024, 12:42

Type Values Removed Values Added
Summary
  • (es) Nextcloud Photos es una aplicación de gestión de fotografías. Los usuarios pueden eliminar fotos del álbum de usuarios registrados. Se recomienda actualizar Nextcloud Server a 25.0.7 o 26.0.2 y Nextcloud Enterprise Server a 25.0.7 o 26.0.2.

14 Jun 2024, 15:15

Type Values Removed Values Added
New CVE

Information

Published : 2024-06-14 15:15

Updated : 2024-08-16 19:43


NVD link : CVE-2024-37314

Mitre link : CVE-2024-37314

CVE.ORG link : CVE-2024-37314


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-862

Missing Authorization

CWE-284

Improper Access Control