PT-2023-25183 · Nextcloud · Nextcloud End-To-End Encryption
Rullzer
·
Published
2023-06-23
·
Updated
2023-07-05
·
CVE-2023-35173
CVSS v3.1
5.7
Medium
| Vector | AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H |
Name of the Vulnerable Software and Affected Versions
Nextcloud End-to-end encryption app versions prior to 1.12.4
Description
The Nextcloud End-to-end encryption app provides APIs for implementing End-to-End encryption on the client side. An issue exists where providing an invalid meta data file can make previously dropped files inaccessible.
Recommendations
For versions prior to 1.12.4, upgrade to version 1.12.4 to resolve the issue.
Exploit
Fix
Improper Access Control
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Nextcloud End-To-End Encryption