Nextcloud: >> End-To-End Encryption Security Vulnerabilities
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.
CVSS Score
5.7
EPSS Score
0.002
Published
2023-06-23
Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.
CVSS Score
6.5
EPSS Score
0.001
Published
2021-06-11