CVE-2024-22401

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Published Jan 18, 2024

Updated: Jan 26, 2024

CWE ID 281

Summary

CVE-2024-22401 is a vulnerability affecting the Nextcloud Guests app. In affected versions, guests are able to manipulate the allowed list of apps, enabling unintended usage of certain applications. This issue grants unauthorized privileges, posing a potential security risk. To mitigate this vulnerability, it is strongly advised to upgrade the Guests app to version 2.4.1, 2.5.1, or 3.0.1. Unfortunately, there are currently no known workarounds for this issue.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nextcloud GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uGOOsP
https://www.cve.org/CVERecord?id=CVE-2024-22401
https://nvd.nist.gov/vuln/detail/CVE-2024-22401

Back to Vulnerability Database

CVE-2024-22401

CVSS 3.1 Score 4.3 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations