Vulnerability Details CVE-2023-35173
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 30.2%
CVSS Severity
CVSS v3 Score 5.7
References
- https://github.com/nextcloud/end_to_end_encryption/pull/435
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37
- https://hackerone.com/reports/1914115
- https://github.com/nextcloud/end_to_end_encryption/pull/435
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37
- https://hackerone.com/reports/1914115
Products affected by CVE-2023-35173
-
cpe:2.3:a:nextcloud:end-to-end_encryption:1.12.0
-
cpe:2.3:a:nextcloud:end-to-end_encryption:1.12.1
-
cpe:2.3:a:nextcloud:end-to-end_encryption:1.12.2
-
cpe:2.3:a:nextcloud:end-to-end_encryption:1.12.3