MEDIUM🇵🇱 Wersja polska

CVE-2023-28999

CVSS 6.9v3.1pub. 2023-04-04upd. 2024-11-21

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.​ This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.

CVSS Vector
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
  • Nextcloud Desktop

    APP
    Nextcloud
    3.0.0 – 3.8.0 (bez)
  • Nextcloud

    APP
    Nextcloud
    3.0.5 – 4.8.0 (bez)3.13.0 – 3.25.0 (bez)
🔵
CHECK WITH VENDOR
No clear patch data available. Check vendor references.
CWE
References

Related vulnerabilities

CVE-2024-46958CRITICAL9.1PL ✓ten sam produkt

Nextcloud Desktop Client — błędne uprawnienia zsynchronizowanych plików na Linux

CVE-2019-5454CRITICAL9.8ten sam produkt

SQL Injection in the Nextcloud Android app prior to version 3.0.0 allows to destroy a local cache when a harmf...

CVE-2021-43863HIGH7.5ten sam produkt

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcl...

CVE-2021-37617HIGH7.3ten sam produkt

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextclo...

CVE-2021-22879HIGH8.8ten sam produkt

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of UR...