Lucene search
NextcloudGHSA-X7C7-V5R3-MG37HistoryJun 22, 2023 - 6:13 a.m.
End-to-End encrypted file-drops can be made inaccessible
2023-06-2206:13:38
github.com
13
file-access
encryption
nextcloud
meta-data
upgrade
vulnerability
hackerone
pullrequest
advisory
support-ticket
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
32.2%
Description
Impact
By providing an invalid meta data file, an attacker can make previously dropped files inaccessible.
Patches
It is recommended that the Nextcloud End-to-end encryption app is upgraded to 1.12.4
Workarounds
- No workaround available
References
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at portal.nextcloud.com
Related
prion
prion
Code injection
2023-06-23 21:15:00
nvd
nvd
CVE-2023-35173
2023-06-23 21:15:09
hackerone
hackerone
Nextcloud: End-to-end encrypted file-drops can be made inaccessible
2023-03-21 20:28:56
cvelist
cvelist
CVE-2023-35173 End-to-End encrypted file-drops can be made inaccessible
2023-06-23 20:50:15
cve
cve
CVE-2023-35173
2023-06-23 21:15:09
osv
osv
CVE-2023-35173
2023-06-23 21:15:09
CVSS3
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
EPSS
0.001
Percentile
32.2%
Related for GHSA-X7C7-V5R3-MG37