CVE-2024-52525

Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.

CVSS v3 1.8 LOW

1.8^/10

CVSS v3 : LOW

V3 Legend

Vector :

Exploitability : 0.2 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity HIGH

Privileges Required HIGH

User Interaction REQUIRED

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm	Vendor Advisory
https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b	Patch
https://github.com/nextcloud/server/pull/48915	Issue Tracking

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::-:::*
	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

History

23 Jan 2025, 14:33

Type	Values Removed	Values Added
First Time		Nextcloud Nextcloud nextcloud Server
References	~~() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm -~~	() https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm - Vendor Advisory
References	~~() https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b -~~	() https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b - Patch
References	~~() https://github.com/nextcloud/server/pull/48915 -~~	() https://github.com/nextcloud/server/pull/48915 - Issue Tracking
CPE		cpe:2.3:a:nextcloud:nextcloud_server:::::-:::* cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

18 Nov 2024, 17:11

Type	Values Removed	Values Added
Summary		(es) Nextcloud Server es un sistema de nube personal alojado por el usuario. En determinadas circunstancias, la contraseña de un usuario se almacenaba sin cifrar en los datos de la sesión. Los datos de la sesión se cifran antes de guardarse en el almacenamiento de la sesión (Redis o disco), pero esto permitiría que un proceso malicioso que obtenga acceso a la memoria del proceso PHP obtenga acceso a la contraseña en texto plano del usuario. Se recomienda actualizar Nextcloud Server a 28.0.12, 29.0.9 o 30.0.2.

15 Nov 2024, 17:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-11-15 17:15

Updated : 2025-01-23 14:33

NVD link : CVE-2024-52525

Mitre link : CVE-2024-52525

CVE.ORG link : CVE-2024-52525

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-312

Cleartext Storage of Sensitive Information

{"id": "CVE-2024-52525", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 1.8, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:H/PR:H/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.2}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-11-15T17:15:23.150", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-w7v5-mgxm-v6gm", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/server/commit/d25a0a2896a2a981939cacb8ee0d555feef22b3b", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/server/pull/48915", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-312"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2."}, {"lang": "es", "value": "Nextcloud Server es un sistema de nube personal alojado por el usuario. En determinadas circunstancias, la contrase\u00f1a de un usuario se almacenaba sin cifrar en los datos de la sesi\u00f3n. Los datos de la sesi\u00f3n se cifran antes de guardarse en el almacenamiento de la sesi\u00f3n (Redis o disco), pero esto permitir\u00eda que un proceso malicioso que obtenga acceso a la memoria del proceso PHP obtenga acceso a la contrase\u00f1a en texto plano del usuario. Se recomienda actualizar Nextcloud Server a 28.0.12, 29.0.9 o 30.0.2."}], "lastModified": "2025-01-23T14:33:48.657", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "198DA774-A34C-4662-BABA-8E73246BAEC2", "versionEndExcluding": "28.0.12", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "0D64CB01-AF54-472F-A70B-0910DB01B7EF", "versionEndExcluding": "28.0.12", "versionStartIncluding": "28.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "71EE8159-DEB8-452B-A7E5-4D8CED48545B", "versionEndExcluding": "29.0.9", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5B11C227-AAC6-4053-BDC0-2E732B95A854", "versionEndExcluding": "29.0.9", "versionStartIncluding": "29.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*", "vulnerable": true, "matchCriteriaId": "A0880BD6-1031-428B-85D3-83BCC13FF10F", "versionEndExcluding": "30.0.2", "versionStartIncluding": "30.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "5BBD7BC5-F07B-4CB8-8FC7-74BDE3BBEDC5", "versionEndExcluding": "30.0.2", "versionStartIncluding": "30.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}

1.8 /10