Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2023-35173

Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.

Published

2023-06-23T21:15:09.853

Last Modified

2024-11-21T08:08:05.440

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.7 (MEDIUM)

Weaknesses

Type: Secondary
CWE-284
Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	nextcloud	end-to-end_encryption	< 1.12.4	Yes

References

https://github.com/nextcloud/end_to_end_encryption/pull/435 Patch ([email protected])
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37 Vendor Advisory ([email protected])
https://hackerone.com/reports/1914115 Third Party Advisory ([email protected])
https://github.com/nextcloud/end_to_end_encryption/pull/435 Patch (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1914115 Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)