CVE-2024-52519

HIGH Year: 2024
CVSS v3 Score
8.2
High
Weakness Type
CWE-922
View all →

Vulnerability Description

Nextcloud Server is a self hosted personal cloud system. The OAuth2 client secrets were stored in a recoverable way, so that an attacker that got access to a backup of the database and the Nextcloud config file, would be able to decrypt them. It is recommended that the Nextcloud Server is upgraded to 28.0.10 or 29.0.7 and Nextcloud Enterprise Server is upgraded to 27.1.11.8, 28.0.10 or 29.0.7.

Related Vulnerabilities

CVE-2022-1044

HIGH
CVSS:8.2(High)

Sensitive Data Exposure Due To Insecure Storage Of Profile Image in GitHub repository polonel/trudesk prior to v1.2.1.

CWE-9222022

CVE-2024-37144

HIGH
CVSS:8.2(High)

Dell PowerFlex appliance versions prior to IC 46.381.00 and IC 46.376.00, Dell PowerFlex rack versions prior to RCM 3.8.1.0 (for RCM 3.8.x train) and prior to RCM 3.7.6.0 (for RCM 3.7.x train), Dell P...

CWE-9222024

CVE-2024-48770

HIGH
CVSS:8.2(High)

An issue in Plug n Play Camera com.wisdomcity.zwave 1.1.0 allows a remote attacker to obtain sensitive information via the firmware update process.

CWE-9222024

CVE-2025-2241

HIGH
CVSS:8.2(High)

A flaw was found in Hive, a component of Multicluster Engine (MCE) and Advanced Cluster Management (ACM). This vulnerability causes VCenter credentials to be exposed in the ClusterProvision object aft...

CWE-9222025

CVE-2025-46627

HIGH
CVSS:8.2(High)

Use of weak credentials in the Tenda RX2 Pro 16.03.30.14 allows an unauthenticated attacker to authenticate to the telnet service by calculating the root password based on easily-obtained device infor...

CWE-9222025

CVE-2024-22773

HIGH
CVSS:8.1(High)

Intelbras Action RF 1200 routers 1.2.2 and earlier and Action RG 1200 routers 2.1.7 and earlier expose the Password in Cookie resulting in Login Bypass.

CWE-9222024