CVE-2024-37314

{"id": "CVE-2024-37314", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2024-06-14T15:15:51.697", "references": [{"url": "https://github.com/nextcloud/photos/pull/1749", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/1946298", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/photos/pull/1749", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5prm-wp43", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://hackerone.com/reports/1946298", "tags": ["Issue Tracking"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-862"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2."}, {"lang": "es", "value": "Nextcloud Photos es una aplicaci\u00f3n de gesti\u00f3n de fotograf\u00edas. Los usuarios pueden eliminar fotos del \u00e1lbum de usuarios registrados. Se recomienda actualizar Nextcloud Server a 25.0.7 o 26.0.2 y Nextcloud Enterprise Server a 25.0.7 o 26.0.2."}], "lastModified": "2024-11-21T09:23:35.537", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "080E81EB-85E3-41B1-A26F-38875D8F7B13", "versionEndExcluding": "25.0.7", "versionStartIncluding": "25.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A77EE9B-2C50-4342-8E7A-4DA522FED92D", "versionEndExcluding": "26.0.2", "versionStartIncluding": "26.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}