cnvd - cnvd-2025-11222

CNVD-2025-11222

Vulnerability from cnvd - Published: 2025-05-30

Title

Nextcloud授权问题漏洞（CNVD-2025-11222）

Description

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud存在授权问题漏洞，该漏洞源于攻击者获得用户或管理员会话的访问权限后，无需确认密码即可创建、更改或删除外部存储。攻击者可利用该漏洞造成信息泄露。

Severity

中

Formal description

目前厂商尚未发布升级程序修复该安全问题，详情见厂商官网： https://nextcloud.com/

Reference

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52518

Impacted products

Name
Nextcloud Nextcloud

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2024-52518",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2024-52518"
    }
  },
  "description": "Nextcloud\u662f\u5fb7\u56fdNextcloud\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002\n\nNextcloud\u5b58\u5728\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u653b\u51fb\u8005\u83b7\u5f97\u7528\u6237\u6216\u7ba1\u7406\u5458\u4f1a\u8bdd\u7684\u8bbf\u95ee\u6743\u9650\u540e\uff0c\u65e0\u9700\u786e\u8ba4\u5bc6\u7801\u5373\u53ef\u521b\u5efa\u3001\u66f4\u6539\u6216\u5220\u9664\u5916\u90e8\u5b58\u50a8\u3002\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u9020\u6210\u4fe1\u606f\u6cc4\u9732\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5c1a\u672a\u53d1\u5e03\u5347\u7ea7\u7a0b\u5e8f\u4fee\u590d\u8be5\u5b89\u5168\u95ee\u9898\uff0c\u8be6\u60c5\u89c1\u5382\u5546\u5b98\u7f51\uff1a\r\nhttps://nextcloud.com/",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2025-11222",
  "openTime": "2025-05-30",
  "products": {
    "product": "Nextcloud Nextcloud"
  },
  "referenceLink": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-52518",
  "serverity": "\u4e2d",
  "submitTime": "2024-11-21",
  "title": "Nextcloud\u6388\u6743\u95ee\u9898\u6f0f\u6d1e\uff08CNVD-2025-11222\uff09"
}

CVE-2024-52518 (GCVE-0-2024-52518)

Vulnerability from cvelistv5 – Published: 2024-11-15 16:46 – Updated: 2024-11-15 17:31

Summary

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Severity ?

4.4 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-287 - Improper Authentication

Assigner

GitHub_M

References

URL

Tags

	https://github.com/nextcloud/security-advisories/…	x_refsource_CONFIRM
	https://github.com/nextcloud/server/pull/48373	x_refsource_MISC
	https://github.com/nextcloud/server/pull/48788	x_refsource_MISC
	https://github.com/nextcloud/server/pull/48992	x_refsource_MISC
	https://hackerone.com/reports/2602973	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Affected: >= 28.0.0, < 28.0.12 Affected: >= 29.0.0, < 29.0.9 Affected: >= 30.0.0, < 30.0.2

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2024-52518",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2024-11-15T17:31:20.910406Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2024-11-15T17:31:41.474Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 28.0.0, \u003c 28.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 29.0.0, \u003c 29.0.9"
            },
            {
              "status": "affected",
              "version": "\u003e= 30.0.0, \u003c 30.0.2"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "HIGH",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-287",
              "description": "CWE-287: Improper Authentication",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2024-11-15T16:46:44.675Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vrhf-532w-99rg"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/48373",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/48373"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/48788",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/48788"
        },
        {
          "name": "https://github.com/nextcloud/server/pull/48992",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/server/pull/48992"
        },
        {
          "name": "https://hackerone.com/reports/2602973",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/2602973"
        }
      ],
      "source": {
        "advisory": "GHSA-vrhf-532w-99rg",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Server is missing password confirmation when changing external storage options"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2024-52518",
    "datePublished": "2024-11-15T16:46:44.675Z",
    "dateReserved": "2024-11-11T18:49:23.559Z",
    "dateUpdated": "2024-11-15T17:31:41.474Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2025-11222

CVE-2024-52518 (GCVE-0-2024-52518)

Tags

Sightings

Nomenclature