Nextcloud Server Security Update Advisory

Overview

An update has been released to address a vulnerability in Nextcloud servers. Users of affected versions are advised to update to the latest version.

 

Affected Products

  • Nextcloud Server versions: 26.0.0 (inclusive) ~ 26.0.13 (exclusive)
  • Nextcloud Server versions: 27.0.0 (inclusive) ~ 27.1.8 (exclusive)
  • Nextcloud Server versions: 28.0.0 (inclusive) ~ 28.0.4 (exclusive)
  • Nextcloud Server Enterprise versions: 21.0.0 (inclusive) ~ 21.0.9.17 (exclusive)
  • Nextcloud Server Enterprise versions: 22.0.0 (inclusive) ~ 22.2.10.22 (exclusive)
  • Nextcloud Server Enterprise versions: 23.0.0 (inclusive) ~ 23.0.12.17 (exclusive)
  • Nextcloud Server Enterprise versions: 24.0.0 (inclusive) ~ 24.0.12.13 (exclusive)
  • Nextcloud Server Enterprise versions: 25.0.0 (inclusive) ~ 25.0.13.8 (exclusive)
  • Nextcloud Server Enterprise versions: 26.0.0 (inclusive) ~ 26.0.13 (exclusive)
  • Nextcloud Server Enterprise versions: 27.0.0 (inclusive) ~ 27.1.8 (exclusive)
  • Nextcloud Server Enterprise versions: 28.0.0 (inclusive) ~ 28.0.4 (exclusive)

 

Resolved Vulnerabilities

A vulnerability in Nextcloud that could allow the second factor of two-factor authentication (2FA) to be bypassed after user credentials are provided (CVE-2024-37313)

 

Vulnerability Patches

Patches for the vulnerability are available in the latest updates. Follow the instructions on the Referenced Sites to update to the latest patched version.

  • Nextcloud Server version: 26.0.13
  • Nextcloud Server version: 27.1.8
  • Nextcloud Server version: 28.0.4
  • Nextcloud Server Enterprise version: 21.0.9.17
  • Nextcloud Server Enterprise version: 22.2.10.22
  • Nextcloud Server Enterprise version: 23.0.12.17
  • Nextcloud Server Enterprise version: 24.0.12.13
  • Nextcloud Server Enterprise version: 25.0.13.8
  • Nextcloud Server Enterprise version: 26.0.13
  • Nextcloud Server Enterprise version: 27.1.8
  • Nextcloud Server Enterprise version: 28.0.4

 

Referenced Sites

[1] Ability to by-pass second factor

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9v72-9xv5-3p7c