CVE-2023-35173
published 2023-06-23CVE-2023-35173: Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data…
PriorityP430medium6.5CVSS 3.1
AVNACLPRNUIRSUCNINAH
EPSS
0.49%
38.7th percentile
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | end-to-end_encryption | >= 1.12.0 < 1.12.4 | 1.12.4 |
| nextcloud | security-advisories | — | — |
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/nextcloud/end_to_end_encryption/pull/435https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37https://hackerone.com/reports/1914115https://github.com/nextcloud/end_to_end_encryption/pull/435https://github.com/nextcloud/security-advisories/security/advisories/GHSA-x7c7-v5r3-mg37https://hackerone.com/reports/1914115
2023-06-23
Published