Nextcloud CVE-2024-52514: Improper Access Control Allows Copying Locked Folders

Key Information 1. Vulnerability Description: - Title: User can copy locked folders and gain access to the contents - Reporter: maccs - Report Date: April 4, 2024, 3:52pm UTC 2. Vulnerability Details: - Vulnerability Type: Improper Access Control - Generic - Severity: Medium (4.1) - Vulnerability Link: Security advisory 3. Report Status: - Status: Resolved - Disclosure Date: November 16, 2024, 9:14am UTC 4. Reward: - Reward Amount: $500 5. CVE ID: - CVE ID: CVE-2024-52514 6. Participants: - Reporter: maccs - Reported To: Nextcloud - Participants: Nextcloud staff 7. Timeline: - Report Submitted: April 4, 2024, 3:52pm UTC - Status Changed: April 4, 2024, 3:53pm UTC (Triaged) - Status Changed: April 4, 2024, 4:48pm UTC (Resolved) - Reward Distributed: April 30, 2024, 7:49am UTC - Disclosure Requested: 2 days ago - Disclosure Approved: 8 hours ago Summary This vulnerability report describes an issue where a user can copy locked folders and gain access to their contents. The vulnerability was classified as medium severity and has been resolved and disclosed by Nextcloud. The reporter, maccs, received a $500 reward. The timeline outlines key events including report submission, status changes, reward distribution, and disclosure approval.

Goal Reached Thanks to every supporter — we hit 100%!

Nextcloud CVE-2024-52514: Improper Access Control Allows Copying Locked Folders