CVE-2024-52514

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2024-52514
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52514.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-52514
Aliases
  • GHSA-g8pr-g25r-58xj
Published
2024-11-15T17:06:03.628Z
Modified
2025-12-05T07:20:34.851271Z
Severity
  • 4.1 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N CVSS Calculator
Summary
Nextcloud Server allows users to copy folder that contain files that are blocked by the files access control
Details

Nextcloud Server is a self hosted personal cloud system. After a user received a share with some files inside being blocked by the files access control, the user would still be able to copy the intermediate folder inside Nextcloud allowing them to afterwards potentially access the blocked files depending on the user access control rules. It is recommended that the Nextcloud Server is upgraded to 27.1.9, 28.0.5 or 29.0.0 and Nextcloud Enterprise Server is upgraded to 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5 or 29.0.0.

Database specific 
{
    "cwe_ids": [
        "CWE-284"
    ],
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/52xxx/CVE-2024-52514.json"
}
References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events
Introduced
e15fcecaf0d382cebff924ec2b1f5319e130c0e8
Fixed
0d911312f51625a3693e6ae2304da243e259eade
Database specific 
{
    "versions": [
        {
            "introduced": "28.0.0"
        },
        {
            "fixed": "28.0.5"
        }
    ]
}
Type
GIT
Repo
https://github.com/nextcloud/server
Events
Introduced
add4e4365a4040d2e4e6aa79c0d03c3edd78583c
Fixed
a1dda4117e7e50b85f1bb90f438057459df60a30
Database specific 
{
    "versions": [
        {
            "introduced": "27.0.0"
        },
        {
            "fixed": "27.1.9"
        }
    ]
}

Affected versions

v27.*
v27.0.0
v27.0.1
v27.0.1rc1
v27.0.1rc2
v27.0.2
v27.0.2rc1
v27.1.0
v27.1.0beta2
v27.1.0beta3
v27.1.0rc1
v27.1.0rc2
v27.1.0rc3
v27.1.0rc4
v27.1.1
v27.1.2
v27.1.2rc1
v27.1.3
v27.1.3rc1
v27.1.3rc2
v27.1.4
v27.1.4rc1
v27.1.5
v27.1.5rc1
v27.1.6
v27.1.6rc1
v27.1.6rc2
v27.1.7
v27.1.7rc1
v27.1.7rc2
v27.1.8
v27.1.8rc1
v27.1.9rc1
v28.*
v28.0.0
v28.0.1
v28.0.1rc1
v28.0.2
v28.0.2rc1
v28.0.2rc2
v28.0.2rc3
v28.0.2rc4
v28.0.2rc5
v28.0.3
v28.0.3rc1
v28.0.3rc2
v28.0.4
v28.0.4rc1
v28.0.5rc1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-52514.json"