Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
References
Link | Resource |
---|---|
https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820 | Patch |
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq | Vendor Advisory |
https://hackerone.com/reports/2247457 | Permissions Required Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2024-01-18T20:14:27.914Z
Updated: 2024-01-18T20:14:27.914Z
Reserved: 2024-01-10T15:09:55.548Z
Link: CVE-2024-22404
JSON object: View
NVD Information
Status : Analyzed
Published: 2024-01-18T21:15:08.830
Modified: 2024-01-26T14:37:23.880
Link: CVE-2024-22404
JSON object: View
Redhat Information
No data.
CWE