CVE-2022-39331

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 4.6

CVSS3: 5.4

EPSS Низкий

Описание

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

Ссылки

https://github.com/nextcloud/desktop/pull/4944
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
Third Party Advisory
https://hackerone.com/reports/1668028
Exploit
Third Party Advisory
https://github.com/nextcloud/desktop/pull/4944
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
Third Party Advisory
https://hackerone.com/reports/1668028
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/09/msg00018.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*

Версия до 3.6.1 (исключая)

EPSS

Процентиль: 56%

0.00337

Низкий

4.6 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-39331

CVSS3: 4.6

ubuntu

около 3 лет назад

CVE-2022-39331

CVSS3: 4.6

debian

около 3 лет назад

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...

openSUSE-SU-2023:0171-1

suse-cvrf

больше 2 лет назад

Security update for nextcloud-desktop

openSUSE-SU-2023:0090-1

suse-cvrf

почти 3 года назад

Security update for nextcloud-desktop

EPSS

Процентиль: 56%

0.00337

Низкий

4.6 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79