Home > Vulnerability Database > CVE-2024-22401

Mend.io Vulnerability Database

CVE-2024-22401

Good to know:

Date: January 18, 2024

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.

Language: PHP

Severity Score

4.1

Related Resources (5)

Url: https://hackerone.com/reports/2250398

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh

Url: https://github.com/nextcloud/guests/pull/1082

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-22401

Url: https://www.mend.io/vulnerability-database/CVE-2024-22401

Severity Score

4.1

Weakness Type (CWE)

Improper Preservation of Permissions

CWE-281

Top Fix

Upgrade Version

Upgrade to version v2.4.1,v2.5.1,v3.0.1

Learn More

CVSS v3.1

Base Score:	4.1
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-22401

Good to know:

Date: January 18, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?