Vulnerability Details CVE-2024-37314
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 21.8%
CVSS Severity
CVSS v3 Score 3.5
References
- https://github.com/nextcloud/photos/pull/1749
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
- https://hackerone.com/reports/1946298
- https://github.com/nextcloud/photos/pull/1749
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43
- https://hackerone.com/reports/1946298
Products affected by CVE-2024-37314
-
cpe:2.3:a:nextcloud:nextcloud_server:25.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:25.0.2
-
cpe:2.3:a:nextcloud:nextcloud_server:25.0.3
-
cpe:2.3:a:nextcloud:nextcloud_server:25.0.4
-
cpe:2.3:a:nextcloud:nextcloud_server:25.0.5
-
cpe:2.3:a:nextcloud:nextcloud_server:25.0.6
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:26.0.1