cvedb.io
CVE-2024-52518
MEDIUM · CVSS 4.4
EPSS exploitation probability: 0%
Published 2024-11-15T17:15:21.543 · Last modified 2026-06-17T08:07:22.527

Summary

Nextcloud Server is a self hosted personal cloud system. After an attacker got access to the session of a user or administrator, the attacker would be able to create, change or delete external storages without having to confirm the password. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

Affected products

nextcloud — nextcloud_server

Does this affect you?

Add your gear to cvedb and we'll alert you only when nextcloud ships something exploited.

Check my exposure →

References

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.