Nextcloud Unencrypted Password in Session Memory (v<28.0.12)
CVE-2024-52525 Published on November 15, 2024
Nextcloud Server User password is available in memory of the PHP process
Nextcloud Server is a self hosted personal cloud system. Under certain conditions the password of a user was stored unencrypted in the session data. The session data is encrypted before being saved in the session storage (Redis or disk), but it would allow a malicious process that gains access to the memory of the PHP process, to get access to the cleartext password of the user. It is recommended that the Nextcloud Server is upgraded to 28.0.12, 29.0.9 or 30.0.2.
Vulnerability Analysis
CVE-2024-52525 can be exploited with physical access, requires user interaction and user privileges. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality, a small impact on integrity and availability.
Weakness Type
Cleartext Storage of Sensitive Information
The application stores sensitive information in cleartext within a resource that might be accessible to another control sphere. Because the information is stored in cleartext, attackers could potentially read it. Even if the information is encoded in a way that is not human-readable, certain techniques could determine which encoding is being used, then decode the information.
Products Associated with CVE-2024-52525
stack.watch emails you whenever new vulnerabilities are published in Nextcloud Server or Nextcloud. Just hit a watch button to start following.
Affected Versions
nextcloud security-advisories:- Version >= 28.0.0, < 28.0.12 is affected.
- Version >= 29.0.0, < 29.0.9 is affected.
- Version >= 30.0.0, < 30.0.2 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.