CVE-2022-39332

Опубликовано: 25 нояб. 2022

Источник: nvd

CVSS3: 4.6

CVSS3: 5.4

EPSS Низкий

Описание

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

Ссылки

https://github.com/nextcloud/desktop/pull/4972
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
Third Party Advisory
https://hackerone.com/reports/1707977
Exploit
Third Party Advisory
https://github.com/nextcloud/desktop/pull/4972
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
Third Party Advisory
https://hackerone.com/reports/1707977
Exploit
Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/09/msg00018.html

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*

Версия до 3.6.1 (исключая)

EPSS

Процентиль: 52%

0.00288

Низкий

4.6 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79

Связанные уязвимости

CVE-2022-39332

CVSS3: 4.6

ubuntu

около 3 лет назад

CVE-2022-39332

CVSS3: 4.6

debian

около 3 лет назад

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker ...

openSUSE-SU-2023:0171-1

suse-cvrf

больше 2 лет назад

Security update for nextcloud-desktop

openSUSE-SU-2023:0090-1

suse-cvrf

почти 3 года назад

Security update for nextcloud-desktop

EPSS

Процентиль: 52%

0.00288

Низкий

4.6 Medium

CVSS3

5.4 Medium

CVSS3

Дефекты

CWE-79