Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users could change the allowed list of apps, allowing them to use apps that were not intended to be used. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.
References
Link | Resource |
---|---|
https://github.com/nextcloud/guests/pull/1082 | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wr87-hx3w-29hh | Vendor Advisory |
https://hackerone.com/reports/2250398 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-18T20:23:52.765Z
Updated: 2024-01-18T20:23:52.765Z
Reserved: 2024-01-10T15:09:55.547Z
Link: CVE-2024-22401
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-18T21:15:08.343
Modified: 2024-01-26T14:42:35.147
Link: CVE-2024-22401
JSON object: View
Redhat Information
No data.
CWE