Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Desktop client misbehaves with E2EE when the server returns empty list of metadata keys
Vulnerability Description
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N
Vulnerability Type
缺少必要的密码学步骤
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Desktop Client 3.0.0版本至3.6.5之前版本存在安全漏洞。攻击者利用该漏洞可以获得对端到端加密文件夹的完全访问权限。
CVSS Information
N/A
Vulnerability Type
N/A