Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools

guests

Source -

NVD

CNA CVEs -

0

ADP CVEs -

0

CISA CVEs -

0

NVD CVEs -

3
Related CVEsRelated VendorsRelated AssignersReports
3Vulnerabilities found
CVE-2025-59716
Assigner-MITRE Corporation
ShareView Details
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.05% / 15.53%
||
7 Day CHG~0.00%
Published-05 Nov, 2025 | 00:00
Updated-07 Jan, 2026 | 17:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register/{email}/{token} endpoint. Because of insufficient validation of the supplied token in showPasswordForm, the server responds differently when an e-mail address corresponds to a valid pending guest user rather than a non-existent user.

Action-Not Available
Vendor-n/aownCloud GmbH
Product-guestsn/a
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-203
Observable Discrepancy
CVE-2024-22402
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.32% / 54.48%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 20:23
Updated-09 Jun, 2025 | 18:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Nextcloud GmbH
Product-guestssecurity-advisories
CWE ID-CWE-281
Improper Preservation of Permissions
CVE-2024-22401
Assigner-GitHub, Inc.
ShareView Details
Assigner-GitHub, Inc.
CVSS Score-4.1||MEDIUM
EPSS-0.32% / 54.63%
||
7 Day CHG~0.00%
Published-18 Jan, 2024 | 20:23
Updated-21 Oct, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
All users can reset the allowed apps list for Nextcloud Guest App users

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-Nextcloud GmbH
Product-guestssecurity-advisories
CWE ID-CWE-281
Improper Preservation of Permissions