Описание
Nextcloud End-to-end encryption app provides all the necessary APIs to implement End-to-End encryption on the client side. By providing an invalid meta data file, an attacker can make previously dropped files inaccessible. It is recommended that the Nextcloud End-to-end encryption app is upgraded to version 1.12.4 that contains the fix.
Ссылки
- Patch
- Vendor Advisory
- Third Party Advisory
- Patch
- Vendor Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.12.0 (включая) до 1.12.4 (исключая)
cpe:2.3:a:nextcloud:end-to-end_encryption:*:*:*:*:*:*:*:*
EPSS
Процентиль: 41%
0.00185
Низкий
5.7 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-Other
EPSS
Процентиль: 41%
0.00185
Низкий
5.7 Medium
CVSS3
6.5 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-Other