CVE-2024-30247
CVSS V2 None
CVSS V3 None
Description
NextcloudPi is a ready to use image for Virtual Machines, Raspberry Pi, Odroid HC1, Rock64 and other boards. A command injection vulnerability in NextCloudPi allows command execution as the root user via the NextCloudPi web-panel. Due to a security misconfiguration this can be used by anyone with access to NextCloudPi web-panel, no authentication is required. It is recommended that the NextCloudPi is upgraded to 1.53.1.
Overview
- CVE ID
- CVE-2024-30247
- Assigner
- GitHub_M
- Vulnerability Status
- PUBLISHED
- Published Version
- 2024-03-29T15:57:57.034Z
- Last Modified Date
- 2024-03-29T15:57:57.034Z
Weakness Enumerations
References
| Reference URL | Reference Tags |
|---|---|
| https://github.com/nextcloud/nextcloudpi/security/advisories/GHSA-m597-72v7-j982 | x_refsource_CONFIRM |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2024-30247 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-30247 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2024-06-26 11:48:14 | Added to TrackCVE |