CVE-2024-46958
published 2024-09-16CVE-2024-46958: In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable…
critical9.1CVSS 3.1
AVNACLPRNUINSUCHIHAN
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | nextcloud-desktop | < nextcloud-desktop 3.15.0-1 (forky) | nextcloud-desktop 3.15.0-1 (forky) |
| nextcloud | desktop | >= 3.13.1 < 3.13.4 | 3.13.4 |
CVSS provenance
nvdv3.19.1CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
osv9.1CRITICAL