GLSA Advocate
Posted: Thu May 27, 2021 7:26 pm Post subject: [ GLSA 202105-37 ] Nextcloud Desktop Client
Gentoo Linux Security Advisory
Title: Nextcloud Desktop Client: User-assisted execution of arbitrary code (GLSA 202105-37)
Severity: normal
Exploitable: remote
Date: 2021-05-26
Bug(s): #783531
ID: 202105-37
Synopsis
A vulnerability in Nextcloud Desktop Client could allow a remote
attacker to execute arbitrary commands.
Background
The Nextcloud Desktop Client is a tool to synchronize files from
Nextcloud Server with your computer.
Affected Packages
Package: net-misc/nextcloud-client
Vulnerable: < 3.1.3
Unaffected: >= 3.1.3
Architectures: All supported architectures
Description
It was discovered that Nextcloud Desktop Client did not validate URLs.
Impact
A remote attacker could entice a user to connect to a malicious
Nextcloud server to cause the execution of arbitrary commands with the
privileges of the user running the Nextcloud Desktop Client application.
Workaround
There is no known workaround at this time.
Resolution
All Nextcloud Desktop Client users should upgrade to the latest version:
Code:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-misc/nextcloud-client-3.1.3"
References
CVE-2021-22879
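Added example (not part of the advisory or of Portage): a fleet triage check that flags hosts whose installed net-misc/nextcloud-client is below the fixed version 3.1.3, using a simplified Gentoo version ordering that handles suffixes such as _rc and revisions such as -r1. The host names, the "host category/package-version" inventory format and the function names are assumptions made for illustration.

```python
import re

PACKAGE = "net-misc/nextcloud-client"   # from "Affected Packages"
FIXED = "3.1.3"                         # from "Unaffected: >= 3.1.3"

# Gentoo suffix order: _alpha < _beta < _pre < _rc < (plain release) < _p
SUFFIX_RANK = {"alpha": -4, "beta": -3, "pre": -2, "rc": -1, None: 0, "p": 1}
VERSION_RE = re.compile(
    r"^(\d+(?:\.\d+)*)(?:_(alpha|beta|pre|rc|p)(\d*))?(?:-r(\d+))?$")
ATOM_RE = re.compile(r"^(?P<name>\S+?)-(?P<version>\d\S*)$")

def version_key(version):
    """Sortable key for a simplified Gentoo version (no letter suffix like 1.2a)."""
    m = VERSION_RE.match(version)
    if m is None:
        raise ValueError(f"unsupported version string: {version!r}")
    numbers, suffix, suffix_no, revision = m.groups()
    # Numeric components compare as integers, so 3.10.0 sorts above 3.1.3.
    return ([int(n) for n in numbers.split(".")], SUFFIX_RANK[suffix],
            int(suffix_no or 0), int(revision or 0))

def is_vulnerable(version):
    """True when the version falls in the advisory's '< 3.1.3' range."""
    return version_key(version) < version_key(FIXED)

def triage(inventory_lines):
    """Return (host, version) pairs that still need the upgrade."""
    findings = []
    for line in inventory_lines:
        host, atom = line.split()
        m = ATOM_RE.match(atom)
        if m and m["name"] == PACKAGE and is_vulnerable(m["version"]):
            findings.append((host, m["version"]))
    return findings

# Constructed sample inventory (hypothetical hosts), not real data.
SAMPLE_INVENTORY = [
    "ws-01 net-misc/nextcloud-client-3.1.1",
    "ws-02 net-misc/nextcloud-client-3.1.3",
    "ws-03 net-misc/nextcloud-client-3.1.3_rc2",
    "ws-04 net-misc/nextcloud-client-3.10.0-r1",
    "ws-05 net-misc/curl-7.76.1",
]

if __name__ == "__main__":
    for host, version in triage(SAMPLE_INVENTORY):
        print(f"{host}: {PACKAGE}-{version} is below {FIXED}, upgrade required")
```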