Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2024-37313
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-14 Jun, 2024 | 14:50
Updated At-02 Aug, 2024 | 03:50
Rejected At-
▼CVE Numbering Authority (CNA)
Nextcloud server allows the by-pass the second factor

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the second factor of 2FA after successfully providing the user credentials. It is recommended that the Nextcloud Server is upgraded to 26.0.13, 27.1.8 or 28.0.4 and Nextcloud Enterprise Server is upgraded to 21.0.9.17, 22.2.10.22, 23.0.12.17, 24.0.12.13, 25.0.13.8, 26.0.13, 27.1.8 or 28.0.4.

Affected Products
Vendor
Nextcloud GmbHnextcloud
Product
security-advisories
Versions
Affected
  • >= 26.0.0, < 26.0.13
  • >= 27.0.0, < 27.1.8
  • >= 28.0.0, < 28.0.4
Problem Types
TypeCWE IDDescription
CWECWE-287CWE-287: Improper Authentication
Metrics
VersionBase scoreBase severityVector
3.17.3HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
x_refsource_CONFIRM
https://github.com/nextcloud/server/pull/44276
x_refsource_MISC
https://hackerone.com/reports/2419776
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
Nextcloud GmbHnextcloud
Product
server
CPEs
  • cpe:2.3:a:nextcloud:server:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 26.0.0 before 26.0.13 (custom)
  • From 27.0.0 before 27.1.8 (custom)
  • From 28.0.0 before 28.0.4 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c
x_refsource_CONFIRM
x_transferred
https://github.com/nextcloud/server/pull/44276
x_refsource_MISC
x_transferred
https://hackerone.com/reports/2419776
x_refsource_MISC
x_transferred
Details not found