CVE-2023-29000

CVSS v3.1

6.5

Medium

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Desktop Client versions 3.0.0 through 3.6.x

Description The Nextcloud Desktop Client synchronizes files from Nextcloud Server. A malicious server could exploit the client's trust in the server's certificate, leading to the encryption of files with a key known to the attacker.

Recommendations For Nextcloud Desktop Client versions 3.0.0 through 3.6.x, update to version 3.7.0 to resolve the issue.

Exploit

Fix

Improper Certificate Validation

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-295

Related Identifiers

ALT-PU-2023-2019

ALT-PU-2023-4584

ALT-PU-2023-5197

CVE-2023-29000

GHSA-H82X-98Q3-7534

Affected Products

Alt Linux

Debian

Nextcloud Desktop Client

CVE-2023-29000

Weakness Enumeration

Related Identifiers

Affected Products

References · 12