Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities found for zipper by nextcloud
CVE-2024-22404 (GCVE-0-2024-22404)
Vulnerability from cvelistv5 – Published: 2024-01-18 20:14 – Updated: 2025-06-02 15:03
VLAI
Title
Permissions bypass in Nextcloud with the files zip app
Summary
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-281 - Improper Preservation of Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/files_zip/commit/432… | x_refsource_MISC |
| https://hackerone.com/reports/2247457 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 1.2.0, < 1.2.1
Affected: >= 1.3.0, < 1.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq"
},
{
"name": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820"
},
{
"name": "https://hackerone.com/reports/2247457",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/2247457"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:09:22.953426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:03:33.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.1"
},
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T20:14:27.914Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq"
},
{
"name": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820"
},
{
"name": "https://hackerone.com/reports/2247457",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2247457"
}
],
"source": {
"advisory": "GHSA-vhj3-mch4-67fq",
"discovery": "UNKNOWN"
},
"title": "Permissions bypass in Nextcloud with the files zip app"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22404",
"datePublished": "2024-01-18T20:14:27.914Z",
"dateReserved": "2024-01-10T15:09:55.548Z",
"dateUpdated": "2025-06-02T15:03:33.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-22404 (GCVE-0-2024-22404)
Vulnerability from nvd – Published: 2024-01-18 20:14 – Updated: 2025-06-02 15:03
VLAI
Title
Permissions bypass in Nextcloud with the files zip app
Summary
Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download "view-only" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app.
Severity
4.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-281 - Improper Preservation of Permissions
Assigner
References
3 references
| URL | Tags |
|---|---|
| https://github.com/nextcloud/security-advisories/… | x_refsource_CONFIRM |
| https://github.com/nextcloud/files_zip/commit/432… | x_refsource_MISC |
| https://hackerone.com/reports/2247457 | x_refsource_MISC |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| nextcloud | security-advisories |
Affected:
>= 1.2.0, < 1.2.1
Affected: >= 1.3.0, < 1.4.1 |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-01T22:43:34.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq"
},
{
"name": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820"
},
{
"name": "https://hackerone.com/reports/2247457",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://hackerone.com/reports/2247457"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-22404",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-05-08T19:09:22.953426Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-02T15:03:33.283Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "\u003e= 1.2.0, \u003c 1.2.1"
},
{
"status": "affected",
"version": "\u003e= 1.3.0, \u003c 1.4.1"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud files Zip app is a tool to create zip archives from one or multiple files from within Nextcloud. In affected versions users can download \"view-only\" files by zipping the complete folder. It is recommended that the Files ZIP app is upgraded to 1.2.1, 1.4.1, or 1.5.0. Users unable to upgrade should disable the file zip app."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 4.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-281",
"description": "CWE-281: Improper Preservation of Permissions",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-18T20:14:27.914Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vhj3-mch4-67fq"
},
{
"name": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/nextcloud/files_zip/commit/43204539d517a13e945b90652718e2a213f46820"
},
{
"name": "https://hackerone.com/reports/2247457",
"tags": [
"x_refsource_MISC"
],
"url": "https://hackerone.com/reports/2247457"
}
],
"source": {
"advisory": "GHSA-vhj3-mch4-67fq",
"discovery": "UNKNOWN"
},
"title": "Permissions bypass in Nextcloud with the files zip app"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-22404",
"datePublished": "2024-01-18T20:14:27.914Z",
"dateReserved": "2024-01-10T15:09:55.548Z",
"dateUpdated": "2025-06-02T15:03:33.283Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}