CVE-2024-22404
CVSS V2 None
CVSS V3 None
Description
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
Overview
- CVE ID
- CVE-2024-22404
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-01-18T20:14:27.914Z
- Last Modified Date
- 2024-01-18T20:14:27.914Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq | x_refsource_CONFIRM |
| https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820 | x_refsource_MISC |
| https://hackerone.com/reports/2247457 | x_refsource_MISC |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-22404 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-22404 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 09:19:30 | Added to TrackCVE |