PT-2023-22074 · Nextcloud+2 · Nextcloud Desktop Client+2

Daniele Coppola

Publicado

2023-04-04

Atualizado

2023-08-30

CVE-2023-28998

CVSS v3.1

6.7

Média

Vetor

AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop Client versions 3.0.0 through 3.6.4

Description A malicious server administrator can gain full access to an end-to-end encrypted folder, allowing them to decrypt files, recover the folder structure, and add new files.

Recommendations For Nextcloud Desktop Client versions 3.0.0 through 3.6.4, upgrade to version 3.6.5 to receive a patch.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-325

Identificadores relacionados

ALT-PU-2023-2019

ALT-PU-2023-4584

ALT-PU-2023-5197

CVE-2023-28998

GHSA-JH3G-WPWV-CQGR

Produtos afetados

Alt Linux

Debian

Nextcloud Desktop Client

PT-2023-22074 · Nextcloud+2 · Nextcloud Desktop Client+2

CVE-2023-28998

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 12