Описание
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.
Пакеты
| Пакет | Статус | Версия исправления | Релиз | Тип |
|---|---|---|---|---|
| nextcloud-desktop | fixed | 3.15.0-1 | package | |
| nextcloud-desktop | ignored | bookworm | package | |
| nextcloud-desktop | ignored | bullseye | package |
Примечания
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r4qc-m9mj-452v
https://github.com/nextcloud/desktop/pull/7333
https://github.com/nextcloud/desktop/commit/8cce183ba4ce46ddef58751fe5358efdea8d0114
https://github.com/nextcloud/desktop/commit/0e218bc5495abd422490b6b3db35ebc29d751e6c
https://github.com/nextcloud/desktop/commit/ef811ff22058d1ec865f8433a6695cb31c9960ab
https://github.com/nextcloud/desktop/commit/ddaaf2c344b157aac01312b8d908ffde8e17dc11
EPSS
Связанные уязвимости
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.
EPSS