CVE-2024-46958 - In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server a

CVE-2024-46958

Summary

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

References

https://github.com/nextcloud/desktop/issues/6863
https://github.com/nextcloud/desktop/pull/7092
https://github.com/nextcloud/desktop/pull/6949
https://github.com/nextcloud/desktop/compare/v3.13.3...v3.13.4
https://github.com/nextcloud/security-advisories/security/advisories

Vulnerable Configurations

cpe:2.3:a:nextcloud:desktop:3.13.1:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:desktop:3.13.1:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:desktop:3.13.2:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:desktop:3.13.2:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:desktop:3.13.3:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:desktop:3.13.3:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

CVSS

Base:	None
Impact:
Exploitability:

CWE

NVD-CWE-noinfo

CAPEC

Access

Vector	Complexity	Authentication

Impact

Confidentiality	Integrity	Availability

Last major update

20-09-2024 - 22:41

Published

16-09-2024 - 02:15

Last modified

20-09-2024 - 22:41