From this webpage screenshot, the following key information about the vulnerability can be obtained: 1. Vulnerability Description: - Vulnerability Name: Missing password confirmation when changing external storage options - Publisher: nickvergesen - Vulnerability ID: GHSA-vrhf-532w-99rg - Release Date: Yesterday 2. Affected Versions: - Affected Versions: - Server (Nextcloud): >= 28.0.0, >= 29.0.0, >= 30.0.0 - Server (Nextcloud Enterprise): >= 28.0.0, >= 29.0.0, >= 30.0.0 - Fixed Versions: - Server (Nextcloud): 28.0.12, 29.0.9, 30.0.2 - Server (Nextcloud Enterprise): 28.0.12, 29.0.9, 30.0.2 3. Severity: - Severity Level: Moderate - CVSS v3 Score: 4.4 / 10 4. Impact: - Attack Vector: Network - Attack Complexity: High - Privileges Required: High - User Interaction: None - Scope: Unchanged - Confidentiality: High - Integrity: None - Availability: None 5. Vulnerability ID: - CVE ID: CVE-2024-52518 6. Vulnerability Weakness: - CWE ID: CWE-287 7. Recommended Actions: - Recommended Upgrade: - Server (Nextcloud): Upgrade to 28.0.12, 29.0.9, or 30.0.2 - Server (Nextcloud Enterprise): Upgrade to 28.0.12, 29.0.9, or 30.0.2 8. Workarounds: - No workarounds available 9. Reference Links: - HackerOne - PullRequest - PullRequest - PullRequest 10. Additional Information: - Post created on nextcloud/security-advisories - Client: Open support ticket at portal.nextcloud.com This information helps users understand the vulnerability details, affected versions, fixed versions, severity, impact scope, and recommended remediation steps.