CVE-2024-37314: Nextcloud Photos' shared albums have no restriction on photo removal
First published: Fri Jun 14 2024(Updated: )
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | >=25.0.0<25.0.7 | |
| Nextcloud Nextcloud Server | >=26.0.0<26.0.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- agent/references
- agent/title
- agent/type
- agent/description
- agent/first-publish-date
- agent/author
- agent/severity
- agent/event
- collector/mitre-cve
- source/MITRE
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/remedy
- agent/last-modified-date
- agent/weakness
- agent/softwarecombine
- agent/tags
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/25.0.0
- version/nextcloud nextcloud server/26.0.0