Vulnerability Details CVE-2024-37887
Nextcloud Server is a self hosted personal cloud system. Private shared calendar events' recurrence exceptions can be read by sharees. It is recommended that the Nextcloud Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1 and that the Nextcloud Enterprise Server is upgraded to 27.1.10 or 28.0.6 or 29.0.1.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 18.0%
CVSS Severity
CVSS v3 Score 3.5
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595
- https://github.com/nextcloud/server/pull/45309
- https://hackerone.com/reports/2479325
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h4xv-cjpm-j595
- https://github.com/nextcloud/server/pull/45309
- https://hackerone.com/reports/2479325
Products affected by CVE-2024-37887
-
cpe:2.3:a:nextcloud:nextcloud_server:*
-
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0
-
cpe:2.3:a:nextcloud:nextcloud_server:27.0.1
-
cpe:2.3:a:nextcloud:nextcloud_server:27.0.2
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.0
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.1
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.2
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.3
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.4
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.5
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.6
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.7
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.8
-
cpe:2.3:a:nextcloud:nextcloud_server:27.1.9
-
cpe:2.3:a:nextcloud:nextcloud_server:29.0.0