Upstream information
Description
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.​ This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | SUSE | |
|---|---|---|
| Base Score | 6.9 | 6.9 |
| Vector | CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L | CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L |
| Attack Vector | Physical | Physical |
| Attack Complexity | Low | Low |
| Privileges Required | High | High |
| User Interaction | Required | Required |
| Scope | Changed | Changed |
| Confidentiality Impact | High | High |
| Integrity Impact | High | High |
| Availability Impact | Low | Low |
| CVSSv3 Version | 3.1 | 3.1 |
No SUSE Security Announcements cross referenced.
SUSE Timeline for this CVE
CVE page created: Tue Apr 4 16:00:19 2023CVE page last modified: Thu Feb 13 16:55:40 2025