CVE-2024-52520
15.11.2024, 17:15
Nextcloud Server is a self-hosted personal cloud system. Due to a pre-flighted HEAD request, the link reference provider could be tricked into downloading bigger websites than intended while looking for Open Graph data. It is recommended that Nextcloud Server be upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server be upgraded to 27.1.11.8, 28.0.10 or 29.0.7.
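The weakness class described above, as an added sketch that is not Nextcloud's code or its patch: it assumes the HEAD answer is used as the only size check, and contrasts that with a cap enforced while the body is streamed. `FakeOrigin`, `MAX_PREVIEW_BYTES`, `SAMPLE_PAGE` and the function names are hypothetical, and the remote site is simulated in-process.

```python
import re

MAX_PREVIEW_BYTES = 64 * 1024  # assumed cap, not a Nextcloud setting
OG_TITLE = re.compile(rb'<meta\s+property="og:title"\s+content="([^"]*)"')
# Constructed sample: Open Graph tag in <head>, followed by 2 MiB of padding.
SAMPLE_PAGE = (b'<html><head><meta property="og:title" content="Demo"></head>'
               b"<body>" + b"A" * (2 * 1024 * 1024))


class FakeOrigin:
    """Constructed stand-in for a site whose HEAD answer understates its size."""

    def __init__(self, body, advertised_length):
        self.body = body
        self.advertised_length = advertised_length

    def head(self):
        return {"Content-Length": str(self.advertised_length)}

    def get_stream(self, chunk_size=8192):
        for i in range(0, len(self.body), chunk_size):
            yield self.body[i:i + chunk_size]


def fetch_trusting_head(origin, limit=MAX_PREVIEW_BYTES):
    """Weak pattern: the size check uses the HEAD answer only."""
    if int(origin.head().get("Content-Length", 0)) > limit:
        return None
    return b"".join(origin.get_stream())  # reads whatever the GET returns


def fetch_with_hard_cap(origin, limit=MAX_PREVIEW_BYTES):
    """Hardened pattern: count bytes while streaming and stop at the cap."""
    received = bytearray()
    stream = origin.get_stream()
    for chunk in stream:
        received += chunk[:limit - len(received)]
        if len(received) >= limit:
            stream.close()  # stop reading; the rest of the body is never pulled
            break
    return bytes(received)


def og_title(html):
    """Return the og:title value from the fetched prefix, or None."""
    match = OG_TITLE.search(html)
    return match.group(1) if match else None
```

Open Graph tags normally sit in the document `<head>`, so a truncated prefix is usually enough to build the preview.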
Vendor | Product | Version |
---|---|---|
nextcloud | nextcloud_server | 27.0.0 ≤ 𝑥 < 27.1.11.8 |
nextcloud | nextcloud_server | 28.0.0 ≤ 𝑥 < 28.0.10 |
nextcloud | nextcloud_server | 29.0.0 ≤ 𝑥 < 29.0.7 |
𝑥 = Vulnerable software versions
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource Consumption: The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting'): The software does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.