CVE-2021-22879

Опубликовано: 14 апр. 2021

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

Ссылки

https://github.com/nextcloud/desktop/pull/2906
Patch
Third Party Advisory
https://hackerone.com/reports/1078002
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE/
https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
Vendor Advisory
https://security.gentoo.org/glsa/202105-37
Third Party Advisory
https://github.com/nextcloud/desktop/pull/2906
Patch
Third Party Advisory
https://hackerone.com/reports/1078002
Exploit
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE/
https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
Vendor Advisory
https://security.gentoo.org/glsa/202105-37
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*

Версия до 3.1.3 (исключая)

Конфигурация 2

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

EPSS

Процентиль: 83%

0.01853

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-99

CWE-74

Связанные уязвимости

CVE-2021-22879

CVSS3: 8.8

ubuntu

почти 5 лет назад

CVE-2021-22879

CVSS3: 8.8

debian

почти 5 лет назад

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource inje ...

openSUSE-SU-2021:0577-1

suse-cvrf

почти 5 лет назад

Security update for nextcloud-desktop

GHSA-vrvw-x9cv-3j76

CVSS3: 8.8

github

больше 3 лет назад

EPSS

Процентиль: 83%

0.01853

Низкий

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-99

CWE-74