CVE-2024-46958

critical

Description

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, files synchronized between the server and client may become world-writable or world-readable. This is fixed in 3.13.4.

References

https://github.com/nextcloud/security-advisories/security/advisories

https://github.com/nextcloud/desktop/pull/7092

https://github.com/nextcloud/desktop/pull/6949

https://github.com/nextcloud/desktop/issues/6863

https://github.com/nextcloud/desktop/compare/v3.13.3...v3.13.4

Details

Source: Mitre, NVD

Published: 2024-09-16

Updated: 2025-03-13

Risk Information

CVSS v2

Base Score: 9.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:N

Severity: High

CVSS v3

Base Score: 9.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Severity: Critical

EPSS

EPSS: 0.0013