CVE-2024-22402

Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist

CVSS 5.4 MEDIUMEPSS 0.5%CWE-281

Vexday Risk Score

13Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS 5.4EPSS 0.5%KEV nãoPoC —Patch —

Lifecycle

18 Jan 2024Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

Affected products

nextcloud · security-advisories

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nextcloud/guests/pull/1082 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-v3qw-7vgv-2fxj https://hackerone.com/reports/2251074