QwikSec

Security Database

CVE

CWE

Training

CVE-2024-52510

Published: Nov 15, 2024

Modified: Nov 15, 2024

PUBLISHED

CVSS v3.1

4.2

MEDIUM

Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.

Vendor	Product	Versions
nextcloud	security-advisories	affected `>= 3.0.0, < 3.14.2`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N

Attack Vector

Network

Attack Complexity

High

Privileges Required

High

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

None

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v

x_refsource_CONFIRM

https://github.com/nextcloud/desktop/pull/7333

x_refsource_MISC

https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7

x_refsource_MISC

https://hackerone.com/reports/2597504

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.