CVE-2023-29000 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available. https://github.com/nextcloud/desktop/pull/4949 https://hackerone.com/reports/1679267 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534 CVE-2023-28848 user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available. https://github.com/nextcloud/user_oidc/pull/580 https://hackerone.com/reports/1878381 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f CVE-2023-28998 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. https://github.com/nextcloud/desktop/pull/5323 https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr CVE-2023-28997 The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available. https://github.com/nextcloud/desktop/pull/5324 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
Created nextcloud tracking bugs for this issue: Affects: epel-8 [bug 2184428] Affects: fedora-all [bug 2184426]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.