3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
7.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%
A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment.
It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0
If you have any questions or comments about this advisory:
CPE | Name | Operator | Version |
---|---|---|---|
desktop client | ge | <= | |
desktop client | le | 3.12.0 |
3.8 Low
CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
LOW
Integrity Impact
LOW
Availability Impact
LOW
CVSS:3.1/AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L
7.3 High
AI Score
Confidence
High
0.0004 Low
EPSS
Percentile
15.5%