Vulnerabilities > CVE-2023-35173 - Unspecified vulnerability in Nextcloud End-To-End Encryption

CVSS 6.5 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

HIGH

network

low complexity

nextcloud

NVD

Published: 2023-06-23

Updated: 2024-11-21

Summary

Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.

Vulnerable Configurations

Part	Description	Count
Application	Nextcloud Nextcloud END TO END Encryption 1.12.0 Nextcloud END TO END Encryption 1.12.1 Nextcloud END TO END Encryption 1.12.2 Nextcloud END TO END Encryption 1.12.3	4

References

https://github.com/nextcloud/end_to_end_encryption/pull/435
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37
https://hackerone.com/reports/1914115
https://github.com/nextcloud/end_to_end_encryption/pull/435
https://hackerone.com/reports/1914115
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37