The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.3.0, the Nextcloud Desktop client fails to check if a private key belongs to previously downloaded public certificate. If the Nextcloud instance serves a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. This issue is fixed in Nextcloud Desktop Client version 3.3.0. There are no known workarounds aside from upgrading.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-08-18T16:00:13
Updated: 2024-08-03T23:33:54.918Z
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32728
Vulnrichment
No data.
NVD
Status : Modified
Published: 2021-08-18T16:15:07.293
Modified: 2024-11-21T06:07:36.810
Link: CVE-2021-32728
Redhat
No data.