Vulnerability Description
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Zipper | < 1.2.1 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mVendor Advisory
- https://hackerone.com/reports/2247457Permissions RequiredThird Party Advisory
- https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mVendor Advisory
- https://hackerone.com/reports/2247457Permissions RequiredThird Party Advisory
FAQ
What is CVE-2024-22404?
CVE-2024-22404 is a vulnerability with a CVSS score of 4.1 (MEDIUM). Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It ...
How severe is CVE-2024-22404?
CVE-2024-22404 has been rated MEDIUM with a CVSS base score of 4.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-22404?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Zipper.