From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Title: Users can copy folders containing files blocked by file access control. - Severity: Moderate - CVSS v3 base metrics: - Attack Vector: Network - Attack Complexity: Low - Privileges Required: Low - User Interaction: Required - Scope: Changed - Confidentiality: Low - Integrity: None - Availability: None - CVE ID: CVE-2024-52514 - Weakness: CWE-284 2. Affected Versions: - Server (Nextcloud): >= 27.0.0, >= 28.0.0 - Server (Nextcloud Enterprise): - >= 21.0.0, >= 22.0.0, >= 23.0.0, >= 24.0.0, >= 25.0.0, >= 26.0.0, >= 27.0.0, >= 28.0.0 - 27.1.9, 28.0.5, 29.0.0 - 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5, 29.0.0 3. Remediation Recommendations: - Upgrade to the following versions: - Server (Nextcloud): 27.1.9, 28.0.5, or 29.0.0 - Server (Nextcloud Enterprise): 21.0.9.18, 22.2.10.23, 23.0.12.18, 24.0.12.14, 25.0.13.9, 26.0.13.3, 27.1.9, 28.0.5, or 29.0.0 4. Workarounds: - No workarounds are available. 5. Reference Links: - HackerOne - Pull Request 6. Additional Information: - For any questions or comments, create a post in nextcloud/security-advisories. - For clients: Open a support ticket at portal.nextcloud.com. This information helps users understand the vulnerability details, affected versions, remediation steps, and how to obtain further information.