Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
suseSuseOPENSUSE-SU-2021:0577-1
HistoryApr 19, 2021 - 12:00 a.m.

Security update for nextcloud-desktop (important)

2021-04-1900:00:00
lists.opensuse.org
12

0.018 Low

EPSS

Percentile

88.1%

JSON

An update that fixes one vulnerability is now available.

Description:

This update for nextcloud-desktop fixes the following issues:

nextcloud-desktop was updated to 3.1.3:

  • desktop#2884 [stable-3.1] Add support for Hirsute
  • desktop#2920 [stable-3.1] Validate sensitive URLs to onle allow http(s)
    schemes.
  • desktop#2926 [stable-3.1] Validate the providers ssl certificate
  • desktop#2939 Bump release to 3.1.3

This also fix security issues:

  • (boo#1184770, CVE-2021-22879, NC-SA-2021-008 , CWE-99)

    Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource
    injection by way of missing validation of URLs, allowing a malicious
    server to execute remote commands. User interaction is needed for
    exploitation.

Patch Instructions:

To install this openSUSE Security Update use the SUSE recommended installation methods
like YaST online_update or “zypper patch”.

Alternatively you can run the command listed for your product:

  • openSUSE Leap 15.2:

    zypper in -t patch openSUSE-2021-577=1

OSVersionArchitecturePackageVersionFilename
openSUSE Leap15.2x86_64< - openSUSE Leap 15.2 (x86_64):- openSUSE Leap 15.2 (x86_64):.x86_64.rpm
openSUSE Leap15.2noarch< - openSUSE Leap 15.2 (noarch):- openSUSE Leap 15.2 (noarch):.noarch.rpm

Related

openvas 2
veracode 1
prion 1
nvd 1
nextcloud 1
nessus 2
cvelist 1
debiancve 1
fedora 1
osv 1
cve 1
gentoo 1
hackerone 1
ubuntucve 1
thn 1
openvas
openvas
Fedora: Security Advisory for nextcloud-client (FEDORA-2021-1ffffa0251)
2021-04-25 00:00:00
openSUSE: Security Advisory for nextcloud-desktop (openSUSE-SU-2021:0577-1)
2021-04-21 00:00:00
veracode
veracode
Injection Vulnerability
2021-05-09 16:43:35
prion
prion
Design/Logic Flaw
2021-04-14 13:15:00
nvd
nvd
CVE-2021-22879
2021-04-14 13:15:13
nextcloud
nextcloud
Missing URL validation allowed RCE for the server on the Desktop client (NC-SA-2021-008)
2021-02-24 00:00:00
nessus
nessus
GLSA-202105-37 : Nextcloud Desktop Client: User-assisted execution of arbitrary code
2022-01-24 00:00:00
openSUSE Security Update : nextcloud-desktop (openSUSE-2021-577)
2021-05-18 00:00:00
cvelist
cvelist
CVE-2021-22879
2021-04-14 12:41:24
debiancve
debiancve
CVE-2021-22879
2021-04-14 13:15:13
fedora
fedora
[SECURITY] Fedora 33 Update: nextcloud-client-3.1.3-1.fc33
2021-04-24 18:06:43
osv
osv
CVE-2021-22879
2021-04-14 13:15:13
cve
cve
CVE-2021-22879
2021-04-14 13:15:13
gentoo
gentoo
Nextcloud Desktop Client: User-assisted execution of arbitrary code
2021-05-26 00:00:00
hackerone
hackerone
Nextcloud: Nextcloud Desktop Client RCE via malicious URI schemes
2021-01-13 17:29:19
ubuntucve
ubuntucve
CVE-2021-22879
2021-04-14 00:00:00
thn
thn
1-Click Hack Found in Popular Desktop Apps — Check If You're Using Them
2021-04-15 11:09:00

0.018 Low

EPSS

Percentile

88.1%

JSON
Related for OPENSUSE-SU-2021:0577-1
openvas2veracode1prion1nvd1nextcloud1nessus2cvelist1debiancve1fedora1osv1cve1gentoo1hackerone1ubuntucve1thn1