cnvd - cnvd-2025-11222

cnvd-2025-11222

Vulnerability from cnvd

Title: Nextcloud授权问题漏洞（CNVD-2025-11222）

Description:

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。

Nextcloud存在授权问题漏洞，该漏洞源于攻击者获得用户或管理员会话的访问权限后，无需确认密码即可创建、更改或删除外部存储。攻击者可利用该漏洞造成信息泄露。

Severity: 中

Formal description:

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://nextcloud.com/

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52518

Impacted products

Name
Nextcloud Nextcloud

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-52518",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-52518"
    }
  },
  "description": "Nextcloud\u662f\u5fb7\u56fdNextcloud\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002\n\nNextcloud\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u653b\u51fb\u8005\u83b7\u5f97\u7528\u6237\u6216\u7ba1\u7406\u5458\u4f1a\u8bdd\u7684\u8bbf\u95ee\u6743\u9650\u540e\uff0c\u65e0\u9700\u786e\u8ba4\u5bc6\u7801\u5373\u53ef\u521b\u5efa\u3001\u66f4\u6539\u6216\u5220\u9664\u5916\u90e8\u5b58\u50a8\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://nextcloud.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-11222",
  "openTime": "2025-05-30",
  "products": {
    "product": "Nextcloud Nextcloud"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52518",
  "serverity": "\u4e2d",
  "submitTime": "2024-11-21",
  "title": "Nextcloud\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2025-11222\uff09"
}

CVE-2024-52518 (GCVE-0-2024-52518)

Vulnerability from cvelistv5

Published

2024-11-15 16:46

Modified

2024-11-15 17:31

Severity ?

4.4 (Medium) - CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-287 - Improper Authentication

Summary

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

References

▼	URL	Tags
	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg	x_refsource_CONFIRM
	https://github.com/nextcloud/server/pull/48373	x_refsource_MISC
	https://github.com/nextcloud/server/pull/48788	x_refsource_MISC
	https://github.com/nextcloud/server/pull/48992	x_refsource_MISC
	https://hackerone.com/reports/2602973	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: >= 28.0.0, < 28.0.12 Version: >= 29.0.0, < 29.0.9 Version: >= 30.0.0, < 30.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T17:31:20.910406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:31:41.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 28.0.0, \u003c 28.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 29.0.0, \u003c 29.0.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 30.0.0, \u003c 30.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T16:46:44.675Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/48373",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/48373"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/48788",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/48788"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/48992",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/48992"
        },
        {
          "name": "https://hackerone.com/reports/2602973",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2602973"
        }
      ],
      "source": {
        "advisory": "GHSA-vrhf-532w-99rg",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Server is missing password confirmation when changing external storage options"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52518",
    "datePublished": "2024-11-15T16:46:44.675Z",
    "dateReserved": "2024-11-11T18:49:23.559Z",
    "dateUpdated": "2024-11-15T17:31:41.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted