CVE-2024-52509

LOW Year: 2024
CVSS v3 Score
3.5
Low
Weakness Type
CWE-284
View all →

Vulnerability Description

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. The Nextcloud mail app incorrectly allowed attaching shared files without download permissions as attachments. This allowed users to send them the files to themselves and then downloading it from their mail clients. It is recommended that the Nextcloud Mail is upgraded to 2.2.10, 3.6.2 or 3.7.2.

Related Vulnerabilities

CVE-2016-4874

LOW
CVSS:3.5(Low)

Cybozu Office 9.0.0 through 10.4.0 allows remote attackers to conduct a "reflected file download" attack.

CWE-2842016

CVE-2020-3126

LOW
CVSS:3.5(Low)

vulnerability within the Multimedia Viewer feature of Cisco Webex Meetings could allow an authenticated, remote attacker to bypass security protections. The vulnerability is due to missing security wa...

CWE-2842020

CVE-2021-22567

LOW
CVSS:3.5(Low)

Bidirectional Unicode text can be interpreted and compiled differently than how it appears in editors which can be exploited to get nefarious code passed a code review by appearing benign. An attacker...

CWE-2842021

CVE-2022-39860

LOW
CVSS:3.5(Low)

Improper access control vulnerability in QuickShare prior to version 13.2.3.5 allows attackers to access sensitive information via implicit broadcast.

CWE-2842022

CVE-2023-28845

LOW
CVSS:3.5(Low)

Nextcloud talk is a video & audio conferencing app for Nextcloud. In affected versions the talk app does not properly filter access to a conversations member list. As a result an attacker could use th...

CWE-2842023

CVE-2023-49098

LOW
CVSS:3.5(Low)

Discourse-reactions is a plugin that allows user to add their reactions to the post. Data about a user's reaction notifications could be exposed. This vulnerability was patched in commit 2c26939.

CWE-2842023