CVE-2023-28999 : Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.? This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.

Published 2023-04-04 13:15:09

Updated 2023-04-10 18:16:36

Source GitHub, Inc.

View at NVD, CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2023-28999

Probability of exploitation activity in the next 30 days: 0.13%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 47 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2023-28999

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
6.4	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:L	0.9	5.5	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: Low
6.9	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L	0.4	6.0	GitHub, Inc.
Attack Vector: Physical Attack Complexity: Low Privileges Required: High User Interaction: Required Scope: Changed Confidentiality: High Integrity: High Availability: Low

CWE ids for CVE-2023-28999

CWE-311 Missing Encryption of Sensitive Data

The product does not encrypt sensitive or critical information before storage or transmission.

Assigned by: nvd@nist.gov (Primary)
CWE-325 Missing Cryptographic Step

The product does not implement a required step in a cryptographic algorithm, resulting in weaker encryption than advertised by the algorithm.

Assigned by: security-advisories@github.com (Secondary)

References for CVE-2023-28999

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8

Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders · Advisory · nextcloud/security-advisories · GitHub
Vendor Advisory
https://github.com/nextcloud/desktop/pull/5560

Feature/e2ee fixes by mgallien · Pull Request #5560 · nextcloud/desktop · GitHub
Patch;Vendor Advisory
https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf

Exploit;Technical Description;Third Party Advisory

CVEs referencing this url

Products affected by CVE-2023-28999

Nextcloud » Nextcloud » Android Edition
Versions from including (>=) 3.13.0 and before (<) 3.25.0
cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:android:*:*:*
Matching versions
Nextcloud » Nextcloud » Iphone Os Edition
Versions from including (>=) 3.0.5 and before (<) 4.8.0
cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:iphone_os:*:*:*
Matching versions
Nextcloud » Desktop
Versions from including (>=) 3.0.0 and before (<) 3.8.0
cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*
Matching versions

Vulnerability Details : CVE-2023-28999

Exploit prediction scoring system (EPSS) score for CVE-2023-28999

CVSS scores for CVE-2023-28999

CWE ids for CVE-2023-28999

References for CVE-2023-28999

Products affected by CVE-2023-28999