CVE-2024-46958 — Desktop vulnerability

5 documents5 sources

Severity

9.1CRITICALNVD

EPSS

0.1%

top 64.67%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Desktop

Timeline

PublishedSep 16

Description

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages1 packages

▶NVDnextcloud/desktop3.13.1 — 3.13.4

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

OSV

CVE-2024-46958: In Nextcloud Desktop Client 3↗2024-09-16

▶

GHSA

GHSA-gcwq-2mx4-wmcp: In Nextcloud Desktop Client 3↗2024-09-16

▶

CVEList

CVE-2024-46958: In Nextcloud Desktop Client 3↗2024-09-16

▶

📋Vendor Advisories

Debian

CVE-2024-46958: nextcloud-desktop - In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (...↗2024

▶