CVE-2024-22404

{"id": "CVE-2024-22404", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.8}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 4.1, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.3}]}, "published": "2024-01-18T21:15:08.830", "references": [{"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/2247457", "tags": ["Permissions Required", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-281"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app."}, {"lang": "es", "value": "La aplicaci\u00f3n Nextcloud files Zip es una herramienta para crear archivos zip a partir de uno o varios archivos desde Nextcloud. En las versiones afectadas, los usuarios pueden descargar archivos de \"s\u00f3lo lectura\" comprimiendo la carpeta completa. Se recomienda actualizar la aplicaci\u00f3n Archivos ZIP a 1.2.1, 1.4.1 o 1.5.0. Los usuarios que no puedan actualizar deben desactivar la aplicaci\u00f3n de archivos zip."}], "lastModified": "2024-01-26T14:37:23.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:zipper:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2CACAF88-8B0B-4909-B633-02EE818C3F8C", "versionEndExcluding": "1.2.1"}, {"criteria": "cpe:2.3:a:nextcloud:zipper:1.4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEFDD9DF-54EB-47B4-A70D-D3910C77F2B0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}