Lucene search
Veracode Vulnerability DatabaseVERACODE:31838HistoryAug 27, 2021 - 10:04 a.m.
Information Disclosure
2021-08-2710:04:08
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
15
nextcloud
vulnerability
privacy key
information disclosure
software
EPSS
0.009
Percentile
82.6%
nextcloud-desktop is vulnerable to informatino disclosure. The client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor.
Related
cve
cve
CVE-2021-32728
2021-08-18 16:15:07
prion
prion
Code injection
2021-08-18 16:15:00
cvelist
cvelist
CVE-2021-32728 End-to-end encryption device setup did not verify public key
2021-08-18 16:00:13
nvd
nvd
CVE-2021-32728
2021-08-18 16:15:07
nextcloud
nextcloud
End-to-end encryption device setup did not verify public key
2021-08-18 14:45:40
ubuntucve
ubuntucve
CVE-2021-32728
2021-08-18 00:00:00
debiancve
debiancve
CVE-2021-32728
2021-08-18 16:15:07
osv
osv
CVE-2021-32728
2021-08-18 16:15:07
nextcloud-desktop - security update
2021-09-19 00:00:00
nessus
nessus
Debian DSA-4974-1 : nextcloud-desktop - security update
2021-09-19 00:00:00
mageia
mageia
Updated nextcloud-client packages fix security vulnerability
2021-09-23 07:49:29
openvas
openvas
Debian: Security Advisory (DSA-4974-1)
2021-09-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0421)
2022-01-28 00:00:00
debian
debian
[SECURITY] [DSA 4974-1] nextcloud-desktop security update
2021-09-19 10:35:13