Lucene search

NextcloudGHSA-JH3G-WPWV-CQGR

HistoryApr 04, 2023 - 7:55 a.m.

Desktop clients misbehaves with end-to-end encryption when the server returns an empty list of metadata keys

2023-04-0407:55:58

github.com

security impact

e2ee folder

decryption

nextcloud desktop client

upgrade

malicious server

metadata keys

vulnerability

patch

advisory

support

6.7 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

43.0%

JSON

Description

Impact

A malicious server administrator can gain full access to an E2EE folder. They can decrypt files, recover the folder structure and add new files.

Patches

It is recommended that the Nextcloud Desktop client is upgraded to 3.6.5

Workarounds

No workaround available

References

Credit

Martin Albrecht (Royal Holloway, University of London/Kings College London)
Matilda Backendal (ETH Zurich)
Daniele Coppola (ETH Zurich)
Kenneth G. Paterson (ETH Zurich)

For more information

If you have any questions or comments about this advisory:

Create a post in nextcloud/security-advisories
Customers: Open a support ticket at support.nextcloud.com

CPENameOperatorVersion
desktoplt3.0.0

CPE	Name	Operator	Version
	desktop	lt	3.0.0

References

ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

github.com/nextcloud/desktop/pull/5323

6.7 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for GHSA-JH3G-WPWV-CQGR