Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
Vulnerability Description
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L
Vulnerability Type
缺少必要的密码学步骤
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud存在安全漏洞,该漏洞源于允许恶意服务器获得对 E2EE 文件夹的访问权限。受影响的产品和版本:Nextcloud Desktop client 3.0.0 至 3.8.0之前版本,Nextcloud Android app 3.13.0 至 3.25.0之前版本,Nextcloud iOS app 3.0.5 至 4.8.0之前版本。
CVSS Information
N/A
Vulnerability Type
N/A