CVE-2024-37314

Опубликовано: 14 июн. 2024

Источник: nvd

CVSS3: 3.5

EPSS Низкий

Описание

Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.

Ссылки

https://github.com/nextcloud/photos/pull/1749
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
Vendor Advisory
https://hackerone.com/reports/1946298
Issue Tracking
https://github.com/nextcloud/photos/pull/1749
Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
Vendor Advisory
https://hackerone.com/reports/1946298
Issue Tracking

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 25.0.0 (включая) до 25.0.7 (исключая)

cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Версия от 26.0.0 (включая) до 26.0.2 (исключая)

EPSS

Процентиль: 22%

0.00069

Низкий

3.5 Low

CVSS3

Дефекты

CWE-284

CWE-862