Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Desktop 3rdparty applications can create share links via socket API
Vulnerability Description
Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N
Vulnerability Type
访问控制不恰当
Vulnerability Title
Nextcloud Desktop Client 访问控制错误漏洞
Vulnerability Description
Nextcloud Desktop Client是Nextcloud GmbH的一个开源的文件同步和共享工具。 Nextcloud Desktop Client 3.15之前版本存在访问控制错误漏洞,该漏洞源于第三方应用程序可通过套接字API创建链接共享,可能导致数据泄露。
CVSS Information
N/A
Vulnerability Type
N/A