CVE-2024-22402

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Published Jan 18, 2024

Updated: Jan 26, 2024

CWE ID 281

Summary

CVE-2024-22402 affects the Nextcloud Guests app, allowing unauthorized users to access the first page of apps they shouldn't be able to see. This issue, which may result in permissions bypass, is particularly problematic for installations with a large number of apps. It is strongly advised to upgrade the Guests app to versions 2.4.1, 2.5.1, or 3.0.1 as soon as possible, as no known workarounds exist for this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Nextcloud GmbH

Advisories, Assessments, and Mitigations

https://app.recordedfuture.com/live/sc/entity/uGO6Bz
https://www.cve.org/CVERecord?id=CVE-2024-22402
https://nvd.nist.gov/vuln/detail/CVE-2024-22402

Back to Vulnerability Database

CVE-2024-22402

CVSS 3.1 Score 5.4 of 10 (medium)

Details

Summary

Affected Vendors

Advisories, Assessments, and Mitigations