Vulnerabilities > CVE-2023-28997 - Reusing a Nonce, Key Pair in Encryption vulnerability in Nextcloud Desktop
Attack vector
NETWORK Attack complexity
LOW Privileges required
HIGH Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
NONE Summary
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.