CVE-2023-28998

2023-04-0413:15:08

Alpine Linux Development Team

security.alpinelinux.org

cve 28998 unix

CVSS3

6.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

42.6%

JSON

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

OSVersionArchitecturePackageVersionFilename
Alpineedge-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN
Alpine3.18-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN
Alpine3.19-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN
Alpine3.20-communitynoarchnextcloud-client< 3.6.6-r0UNKNOWN

OS	Version	Architecture	Package	Version	Filename
Alpine	edge-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN
Alpine	3.18-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN
Alpine	3.19-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN
Alpine	3.20-community	noarch	nextcloud-client	< 3.6.6-r0	UNKNOWN