2 matches found
CVE-2023-28998
The CVE-2023-28998 entry concerns the Nextcloud Desktop Client. Versions from 3.0.0 up to, but not including, 3.6.5 are vulnerable: a malicious server administrator can gain full access to an end-to-end encrypted folder, decrypt files, recover the folder structure, and add new files. Affected sof...
CVE-2023-28998 Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new...