{"id": "CVE-2024-52513", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.6, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 1.2}]}, "published": "2024-11-15T18:15:30.157", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gxph-5m4j-pfmj", "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/text/commit/ca24b25c93b81626b4e457c260243edeab5f1548", "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/text/pull/6485", "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/2376900", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. After receiving a \"Files drop\" or \"Password protected\" share link a malicious user was able to download attachments that are referenced in Text files without providing the password. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1."}, {"lang": "es", "value": "Nextcloud Server es un sistema de nube personal alojado por uno mismo. Despu\u00e9s de recibir un enlace para compartir con el mensaje \"Files drop\" o \"Password protected\", un usuario malintencionado pudo descargar archivos adjuntos a los que se hace referencia en archivos de texto sin proporcionar la contrase\u00f1a. Se recomienda actualizar Nextcloud Server a 28.0.11, 29.0.8 o 30.0.1 y Nextcloud Enterprise Server a 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 o 30.0.1."}], "lastModified": "2024-11-18T17:11:56.587", "sourceIdentifier": "security-advisories@github.com"}