Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.
oryginał ENCVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:LNextcloud Desktop
APPNextcloud3.0.0 – 3.8.0 (bez)Nextcloud
APPNextcloud3.0.5 – 4.8.0 (bez)3.13.0 – 3.25.0 (bez)
Powiązane podatności
Nextcloud Desktop Client — błędne uprawnienia zsynchronizowanych plików na Linux
SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmf...
The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcl...
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextclo...
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of UR...