CVE-2023-23942

Source: ubuntu.com (UB:CVE-2023-23942)
Published: Feb 06, 2023

CVSS3: 6.1 Medium
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: REQUIRED
Scope: CHANGED
Confidentiality Impact: LOW
Integrity Impact: LOW
Availability Impact: NONE
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS2: 5.8 Medium
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: NONE
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N

EPSS: 0.001 Low
Percentile: 33.6%

The Nextcloud Desktop Client is a tool to synchronize files from a
Nextcloud Server with your computer. Versions prior to 3.6.3 are missing
sanitisation on QML labels which are used for basic HTML elements such as
strong, em and head lines in the UI of the desktop client. The lack
of sanitisation may allow for JavaScript injection. It is recommended that
the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known
workarounds for this issue.

OS      Version  Architecture  Package            Version  Filename
ubuntu  20.04    noarch        nextcloud-desktop  < any    UNKNOWN
ubuntu  22.04    noarch        nextcloud-desktop  < any    UNKNOWN
