9.1

CVE-2024-46958

Desktop client created folders with world-readable and world-writable permissions on Linux

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
Mögliche Gegenmaßnahme
Desktop: * Disable the desktop client
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
NextcloudDesktop Version >= 3.13.1 < 3.13.4
   LinuxLinux Kernel Version-
Weitere Schwachstelleninformationen
SystemNextcloud App
Produkt Desktop
Version >= 3.13.1, < 3.13.4
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.56% 0.419
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
134c704f-9b21-4f2e-91b3-4a467353bcc0 9.1 3.9 5.2
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Es wurden noch keine Informationen zu CWE veröffentlicht.
https://github.com/nextcloud/desktop/compare/v3.13.3...v3.13.4
Patch
https://github.com/nextcloud/desktop/issues/6863
Issue Tracking
https://github.com/nextcloud/desktop/pull/6949
Issue Tracking
https://github.com/nextcloud/desktop/pull/7092
Patch
https://github.com/nextcloud/security-advisories/security/advisories
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hw3v-8vvq-5645
Third Party Advisory