ByteOS Network

NVD Vulnerability Details :

CVE-2024-52510

Analyzed

Source-security-advisories@github.com

Published At-15 Nov, 2024 | 18:15

Updated At-28 Aug, 2025 | 14:21

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Secondary	3.1	4.2	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N
Primary	3.1	7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CPE Matches

Nextcloud GmbH

>>desktop>>Versions from 3.0.0(inclusive) to 3.14.2(exclusive)

cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-295	Primary	security-advisories@github.com

References

Hyperlink	Source	Resource
https://github.com/nextcloud/desktop/commit/97539218e6f63c3a3fd1694cb7d8aef27c5910d7	security-advisories@github.com	Patch
https://github.com/nextcloud/desktop/pull/7333	security-advisories@github.com	Patch
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v	security-advisories@github.com	Third Party Advisory
https://hackerone.com/reports/2597504	security-advisories@github.com	Issue Tracking

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History