What is CVE-2024-52508?

CVE-2024-52508 is a high-severity vulnerability in Nextcloud Security-advisories, classified under Information Disclosure. CVSS score: 8.2/10. Published 2024-11-15.

How severe is CVE-2024-52508?

High severity. CVSS v3 base score is 8.2 out of 10.

Information disclosure in Nextcloud Security-advisories

CVE-2024-52508

Nextcloud Mail is the mail app for Nextcloud, a self-hosted productivity platform. When a user is trying to set up a mail account with an email address like user@example.tld that does not support auto configuration, and an attacker managed…

Vulnerability class: Information Disclosure

EPSS: 0.003 (53.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.2 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:L.

Affected products

Nextcloud Security-advisories — versions >= 1.9.0, < 1.14.6, >= 2.1.0, < 2.2.11, >= 3.1.0, < 3.6.3

Weakness classification (CWE)

CWE-200 — Information Disclosure

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vmhx-hwph-q6mc (x_refsource_CONFIRM)
https://github.com/nextcloud/mail/pull/9964 (x_refsource_MISC)
https://github.com/nextcloud/mail/commit/a84c70e15d814dab6f0e8eda71bbaaf48152079b (x_refsource_MISC)
https://hackerone.com/reports/2508422 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-52508?: CVE-2024-52508 is a high-severity vulnerability in Nextcloud Security-advisories, classified under Information Disclosure. CVSS score: 8.2/10. Published 2024-11-15.
How severe is CVE-2024-52508?: High severity. CVSS v3 base score is 8.2 out of 10.