Lucene search

Ubuntu.comUB:CVE-2023-28997

HistoryApr 04, 2023 - 12:00 a.m.

CVE-2023-28997

2023-04-0400:00:00

ubuntu.com

nextcloud

desktop client

file synchronization

CVSS3

6.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

42.8%

JSON

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud
Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious
server administrator can recover and modify the contents of end-to-end
encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5
to receive a patch. No known workarounds are available.

OSVersionArchitecturePackageVersionFilename
ubuntu20.04noarchnextcloud-desktop< anyUNKNOWN
ubuntu22.04noarchnextcloud-desktop< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	20.04	noarch	nextcloud-desktop	< any	UNKNOWN
ubuntu	22.04	noarch	nextcloud-desktop	< any	UNKNOWN

References

ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

github.com/nextcloud/desktop/pull/5324

github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc

launchpad.net/bugs/cve/CVE-2023-28997

nvd.nist.gov/vuln/detail/CVE-2023-28997

security-tracker.debian.org/tracker/CVE-2023-28997

www.cve.org/CVERecord?id=CVE-2023-28997

CVSS3

6.7

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N

EPSS

0.001

Percentile

42.8%

JSON

Related for UB:CVE-2023-28997