ALT-PU-2024-18453-2

Package update nextcloud-client in branch sisyphus

Version3.15.0-alt1

Published2026-02-25

Max severityHIGH

Severity:

Closed issues (3)

MEDIUM5.0

Уязвимость компонента Socket API программного обеспечения Nextcloud Desktop, позволяющая нарушителю оказать воздействие на конфиденциальность и целостность защищаемой информации

Published: 2026-02-24

CVSS 3.xMEDIUM 5.0

CVSS:3.x/AV:L/AC:H/PR:L/UI:R/S:U/C:H/I:L/A:N

CVSS 2.0MEDIUM 4.5

CVSS:2.0/AV:L/AC:H/Au:S/C:C/I:P/A:N

References

CVE-2025-47792

HIGH7.5

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. The Desktop client did not stop with an error but allowed by-passing the signature validation, if a manipulated server sends an empty initial signature. It is recommended that the Nextcloud Desktop client is upgraded to 3.14.2 or later.

Published: 2024-11-15Modified: 2025-08-28

CVSS 3.xHIGH 7.5

CVSS:3.x/CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References

MEDIUM6.1

Nextcloud Desktop is the desktop sync client for Nextcloud. In versions of Nextcloud Desktop prior to 3.15, 3rdparty applications already installed on a user machine can create link shares for almost all data via the socket API. These shares can then be easily sent off to an external service. Nextcloud Desktop fixes the issue in version 3.15. No known workarounds are available.

Published: 2025-05-16Modified: 2025-09-08

CVSS 3.xMEDIUM 6.1

CVSS:3.x/CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:L/A:N

References