CVE-2024-22402— Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2024-22402
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Improper handling of request URLs in Nextcloud Guests app allows guest users to bypass app allowlist
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nextcloud guests app is a utility to create guest users which can only see files shared with them. In affected versions users were able to load the first page of apps they were actually not allowed to access. Depending on the selection of apps installed this may present a permissions bypass. It is recommended that the Guests app is upgraded to 2.4.1, 2.5.1 or 3.0.1. There are no known workarounds for this vulnerability.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
权限预留不恰当
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nextcloud 安全漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud 存在安全漏洞,该漏洞源于对请求URL处理不当,导致用户可以加载不被允许的应用程序页面。受影响的产品和版本:Nextcloud guests 2.4.0及更高版本,2.5.0及更高版本,3.0.0及更高版本。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| nextcloud | security-advisories | >= 2.4.0, < 2.4.1 | - |
II. Public POCs for CVE-2024-22402
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2024-22402
请登录查看更多情报信息。
- https://hackerone.com/reports/2251074x_refsource_MISC
- https://github.com/nextcloud/guests/pull/1082x_refsource_MISC
- https://nvd.nist.gov/vuln/detail/CVE-2024-22402
Same Patch Batch · nextcloud · 2024-01-18 · 7 CVEs total
| CVE-2024-22212 | 9.7 CRITICAL | Nextcloud global site selector authentication bypass |
| CVE-2024-22401 | 4.1 MEDIUM | All users can reset the allowed apps list for Nextcloud Guest App users |
| CVE-2024-22404 | 4.1 MEDIUM | Permissions bypass in Nextcloud with the files zip app |
| CVE-2024-22400 | 3.1 LOW | Open redirect in user_saml via RelayState parameter in Nextcloud User Saml |
| CVE-2024-22403 | 3.0 LOW | OAuth2 authorization codes are valid indefinetly in Nextcloud server |
| CVE-2024-22213 | Cross-site Scripting when sending HTML as a comment in the Nextcloud Deck app |
IV. Related Vulnerabilities
Same product: security-advisories
- CVE-2026-28272
Kiteworks Email Protection Gateway has a Cross-site Scriptin - CVE-2026-28271
Kiteworks Core is vulnerable to Server-Side Request Forgery - CVE-2026-28270
Kiteworks Core has an Unrestricted Upload of File with Dange - CVE-2026-28269
Kiteworks Core has an OS Command Injection - CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public
Same vendor: nextcloud
- CVE-2025-66558
Nextcloud Twofactor WebAuthn app was updated based on public - CVE-2025-66556
Nextcloud talk allows participants to blindly delete poll dr - CVE-2025-66554
Nextcloud Contacts vulnerable to Stored XSS in contacts app - CVE-2025-66549
Nextcloud Desktop discloses information when attempting to l - CVE-2025-66545
Nextcloud Groupfolders users with read-only permissions for
Same weakness: CWE-281
- CVE-2026-35361
uutils coreutils mknod Security Label Inconsistency and Brok - CVE-2026-35351
uutils coreutils mv Silent Ownership Loss in Cross-Device Op - CVE-2026-35350
uutils coreutils cp Unexpected Privileged Executable Creatio - CVE-2026-35385
OpenSSH 安全漏洞 - CVE-2025-9615
Networkmanager: networkmanager file access
V. Comments for CVE-2024-22402
No comments yet