Upstream information

CVE-2023-28997 at MITRE

Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having moderate severity.

CVSS v3 Scores
  National Vulnerability Database SUSE
Base Score 6.7 6.7
Vector CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Attack Vector Physical Physical
Attack Complexity Low Low
Privileges Required High High
User Interaction Required Required
Scope Changed Changed
Confidentiality Impact High High
Integrity Impact High High
Availability Impact None None
CVSSv3 Version 3.1 3.1
SUSE Bugzilla entry: 1210098 [RESOLVED / INVALID]

No SUSE Security Announcements cross referenced.


SUSE Timeline for this CVE

CVE page created: Tue Apr 4 16:00:17 2023
CVE page last modified: Mon Aug 14 20:05:30 2023