CVSS3
Attack Vector
LOCAL
Attack Complexity
HIGH
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N
EPSS
Percentile
20.4%
Man-in-the-middle attack is possible in case a user can be made running a nextcloudcmd CLI command locally.
It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1
Don’t execute nextcloudcmd commands
If you have any questions or comments about this advisory: