CVE-2023-28997

2023-04-0413:15:08

Alpine Linux Development Team

security.alpinelinux.org

security vulnerability

cve-2023-28997

unix systems

CVSS3

6.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

AI Score

6.4

Confidence

High

EPSS

0.001

Percentile

42.8%

JSON

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN
Alpine3.18-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN
Alpine3.19-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN
Alpine3.20-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN
Alpine	3.18-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN
Alpine	3.19-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN
Alpine	3.20-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN