Nextcloud: Attackers can bypass two-factor authentication

Anyone who runs their own cloud with Nextcloud should update their server. Otherwise, attacks are possible and attackers can gain access.



In total, the cloud software provider has closed twelve security gaps. In addition to Nextcloud Server and Nextcloud Enterprise Server, certain components such as the calendar are also at risk.

The majority of vulnerabilities are classified as “medium”. After successful attacks, attackers can, among other things, manipulate calendar entries and direct victims to a website they control.


The most dangerous are two vulnerabilities in Nextcloud and Nextcloud Enterprise. These allow attackers to expand the permissions of shares (CVE-2024-37882, “high”) or bypass two-factor authentication (CVE-2024-37313, “high”). The developers do not currently explain how such attacks might work.

Because a list of the affected and fixed versions would go beyond the scope of this article, admins must look up this information in the linked advisories.

List sorted by threat level in descending order:

