CVE-2024-46958

Опубликовано: 16 сент. 2024

Источник: debian

Описание

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

Пакеты

Пакет	Статус	Версия исправления	Релиз	Тип
nextcloud-desktop	fixed	3.14.1-1	experimental	package
nextcloud-desktop	fixed	3.15.0-1		package
nextcloud-desktop	not-affected		bookworm	package
nextcloud-desktop	not-affected		bullseye	package

Примечания

Fixed by: https://github.com/nextcloud/desktop/commit/a270756402d2a751da2ce41b0c53ee4dd934827c (master)
Fixed by: https://github.com/nextcloud/desktop/commit/13c73a5f39d35bbd187ced45aa06c9ab1d4fd5a0 (v3.13.4)
https://github.com/nextcloud/desktop/pull/6949
https://github.com/nextcloud/desktop/issues/6863

Связанные уязвимости

CVE-2024-46958

CVSS3: 9.1

ubuntu

больше 1 года назад

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

CVE-2024-46958

CVSS3: 9.1

nvd

больше 1 года назад

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

GHSA-gcwq-2mx4-wmcp

CVSS3: 9.1

github

больше 1 года назад

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.