CVE-2024-52510

Publication date 15 November 2024

Last updated 30 May 2025


Ubuntu priority

Cvss 3 Severity Score

4.2 · Medium

Score breakdown

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.

Status

Package Ubuntu Release Status
nextcloud-desktop 25.04 plucky
Needs evaluation
24.10 oracular
Needs evaluation
24.04 LTS noble
Needs evaluation
22.04 LTS jammy
Needs evaluation
20.04 LTS focal
Needs evaluation

Severity score breakdown

Parameter Value
Base score 4.2 · Medium
Attack vector Network
Attack complexity High
Privileges required High
User interaction Required
Scope Unchanged
Confidentiality High
Integrity impact None
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:H/I:N/A:N