Louis Chemineau

4 exploits Active since Nov 2024
CVE-2024-52516 WRITEUP LOW WRITEUP
Nextcloud Server 26.0.0-26.0.13.8 and 28.0.0-28.0.8 - Improper Privilege Management
Nextcloud Server is a self hosted personal cloud system. When a server is configured to only allow sharing with users that are in ones own groups, after a user was removed from a group, previously shared items were not unshared. It is recommended that the Nextcloud Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6 and Nextcloud Enterprise Server is upgraded to 22.2.11 or 23.0.11 or 24.0.6.
CVSS 3.0
CVE-2024-52517 WRITEUP MEDIUM WRITEUP
Nextcloud Server 25.0.0-25.0.13/28.0.0-28.0.11 - Sensitive Info Exposure via API
Nextcloud Server is a self hosted personal cloud system. After storing "Global credentials" on the server, the API returns them and adds them into the frontend again, allowing to read them in plain text when an attacker already has access to an active session of a user. It is recommended that the Nextcloud Server is upgraded to 28.0.11, 29.0.8 or 30.0.1 and Nextcloud Enterprise Server is upgraded to 25.0.13.13, 26.0.13.9, 27.1.11.9, 28.0.11, 29.0.8 or 30.0.1.
CVSS 4.6
CVE-2024-52521 WRITEUP LOW WRITEUP
Nextcloud Server <28.0.10-30.0.0 - Info Disclosure
Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 the probability was heavily decreased. It is recommended that the Nextcloud Server is upgraded to 28.0.10, 29.0.7 or 30.0.0.
CVSS 2.6
CVE-2025-66510 WRITEUP MEDIUM WRITEUP
Nextcloud Server <32.0.1 - Info Disclosure
Nextcloud Server is a self hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed to retrieve personal data of other users (emails, names, identifiers) without proper access control. This allows an authenticated user to retrieve information about accounts that are not related or added as contacts.
CVSS 4.5