Vulnerability Description
Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud Enterprise Server is upgraded to 25.0.7 or 26.0.2.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | >= 25.0.0, < 25.0.7 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/photos/pull/1749Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5Vendor Advisory
- https://hackerone.com/reports/1946298Issue Tracking
- https://github.com/nextcloud/photos/pull/1749Patch
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9chh-5Vendor Advisory
- https://hackerone.com/reports/1946298Issue Tracking
FAQ
What is CVE-2024-37314?
CVE-2024-37314 is a vulnerability with a CVSS score of 3.5 (LOW). Nextcloud Photos is a photo management app. Users can remove photos from the album of registered users. It is recommended that the Nextcloud Server is upgraded to 25.0.7 or 26.0.2 and the Nextcloud En...
How severe is CVE-2024-37314?
CVE-2024-37314 has been rated LOW with a CVSS base score of 3.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-37314?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.