Home > Vulnerability Database > CVE-2024-37315

Mend.io Vulnerability Database

CVE-2024-37315

Good to know:

Date: June 14, 2024

Nextcloud Server is a self hosted personal cloud system. An attacker with read-only access to a file is able to restore older versions of a document when the files_versions app is enabled. It is recommended that the Nextcloud Server is upgraded to 26.0.12, 27.1.7 or 28.0.3 and that the Nextcloud Enterprise Server is upgraded to 23.0.12.16, 24.0.12.12, 25.0.13.6, 26.0.12, 27.1.7 or 28.0.3.

Language: PHP

Severity Score

3.5

Related Resources (5)

Url: https://hackerone.com/reports/1356508

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5mq8-738w-5942

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-37315

Url: https://github.com/nextcloud/server/pull/43727

Url: https://www.mend.io/vulnerability-database/CVE-2024-37315

Severity Score

3.5

Weakness Type (CWE)

Improper Access Control

CWE-284

Top Fix

Upgrade Version

Upgrade to version v26.0.12,v27.1.7,v28.0.3

Learn More

CVSS v3.1

Base Score:	3.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-37315

Good to know:

Date: June 14, 2024

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?