Bug 2184425 (CVE-2023-28848, CVE-2023-28997, CVE-2023-28998, CVE-2023-29000) - CVE-2023-29000 CVE-2023-28848 CVE-2023-28998 CVE-2023-28997 nextcloud: Multiple vulnerabilities
Summary: CVE-2023-29000 CVE-2023-28848 CVE-2023-28998 CVE-2023-28997 nextcloud: Multip...
Keywords:
Status: CLOSED UPSTREAM
Alias: CVE-2023-28848, CVE-2023-28997, CVE-2023-28998, CVE-2023-29000
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2184426 2184428
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-04-04 16:14 UTC by Pedro Sampaio
Modified: 2023-04-04 19:52 UTC (History)
0 users

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-04-04 19:52:52 UTC
Embargoed:

Attachments (Terms of Use)

Description Pedro Sampaio 2023-04-04 16:14:52 UTC 
CVE-2023-29000
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.7.0, by trusting that the server will return a certificate that belongs to the keypair of the user, a malicious server could get the desktop client to encrypt files with a key known to the attacker. This issue is fixed in Nextcloud Desktop 3.7.0. No known workarounds are available.

https://github.com/nextcloud/desktop/pull/4949
https://hackerone.com/reports/1679267
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h82x-98q3-7534

CVE-2023-28848
user_oidc is the OIDC connect user backend for Nextcloud, an open source collaboration platform. A vulnerability in versions 1.0.0 until 1.3.0 effectively allowed an attacker to bypass the state protection as they could just copy the expected state token from the first request to their second request. Users should upgrade user_oidc to 1.3.0 to receive a patch for the issue. No known workarounds are available.

https://github.com/nextcloud/user_oidc/pull/580
https://hackerone.com/reports/1878381
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-52hv-xw32-wf7f

CVE-2023-28998
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure, and add new files.? Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

https://github.com/nextcloud/desktop/pull/5323
https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jh3g-wpwv-cqgr

CVE-2023-28997
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can recover and modify the contents of end-to-end encrypted files. Users should upgrade the Nextcloud Desktop client to 3.6.5 to receive a patch. No known workarounds are available.

https://github.com/nextcloud/desktop/pull/5324
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4p33-rw27-j5fc
https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf
Comment 1 Pedro Sampaio 2023-04-04 16:15:11 UTC 
Created nextcloud tracking bugs for this issue:

Affects: epel-8 [bug 2184428]
Affects: fedora-all [bug 2184426]
Comment 2 Product Security DevOps Team 2023-04-04 19:52:50 UTC 
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Note You need to log in before you can comment on or make changes to this bug.