From this webpage screenshot, the following key information about the vulnerability can be obtained:

1. Vulnerability Description:
   - Title: Custom defined credentials of external storages are sent back to the frontend
   - Author: nickvergessen
   - Published: Yesterday
   - Severity: Moderate (4.6/10)
   - Description: When setting up user- or admin-defined external storages, the API returns fixed credentials and adds them to the frontend, allowing attackers to read these credentials during an active session of an authenticated user.

2. Affected Versions:
   - Nextcloud Server: >= 28.0.0, >= 29.0.0, >= 30.0.0
   - Nextcloud Enterprise Server: >= 25.0.0, >= 26.0.0, >= 27.0.0, >= 28.0.0, >= 29.0.0, >= 30.0.0

3. Fixed Versions:
   - Nextcloud Server: 28.0.12, 29.0.9, 30.0.2
   - Nextcloud Enterprise Server: 25.0.13.14, 26.0.13.10, 27.1.11.10, 28.0.12, 29.0.9, 30.0.2

4. Vulnerability Type:
   - CVSS v3 base metrics:
     - Attack vector: Physical
     - Attack complexity: High
     - Privileges required: High
     - User interaction: Required
     - Scope: Changed
     - Confidentiality: High
     - Integrity: None
     - Availability: None

5. CVE ID: CVE-2024-52523

6. Workarounds: No working workarounds available.

7. References:
   - Reporter: Bundesamt für Sicherheit in der Informationstechnik (BSI)
   - Pull Request: Link

8. More Information:
   - Create a post about this advisory: Link
   - Client: Open a support ticket at portal.nextcloud.com

This information helps in understanding the nature and impact scope of the vulnerability, and how to fix or work around it.