cbcvebase.
CVE-2023-35173
published 2023-06-23

CVE-2023-35173: Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data…

PriorityP430medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
0.49%
38.7th percentile
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.

Affected

2 ranges
VendorProductVersion rangeFixed in
nextcloudend-to-end_encryption>= 1.12.0 < 1.12.41.12.4
nextcloudsecurity-advisories
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.