CVE-2023-28999— Nextcloud 安全漏洞

Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.​ This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.

CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L

缺少必要的密码学步骤

Nextcloud 安全漏洞

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud存在安全漏洞，该漏洞源于允许恶意服务器获得对 E2EE 文件夹的访问权限。受影响的产品和版本：Nextcloud Desktop client 3.0.0 至 3.8.0之前版本，Nextcloud Android app 3.13.0 至 3.25.0之前版本，Nextcloud iOS app 3.0.5 至 4.8.0之前版本。

N/A

N/A