CyberSec.Space Logo
Back to CVE Browser

CVE-2021-22879

HIGH
8.8
CVSS Severity Score
EPSS Score0.0420%
EPSS Percentile44.70th
PublishedApr 14, 2021
Last ModifiedNov 21, 2024

Vulnerability Description

Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

Affected Platforms (CPE)

πŸ“¦
Nextcloud

Desktop

< 3.1.3
πŸ’»
Fedoraproject

Fedora

= 33

References & Advisories

πŸ”— https://github.com/nextcloud/desktop/pull/2906
πŸ”— https://hackerone.com/reports/1078002
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE/
πŸ”— https://nextcloud.com/security/advisory/?id=NC-SA-2021-008
πŸ”— https://security.gentoo.org/glsa/202105-37
πŸ”— https://github.com/nextcloud/desktop/pull/2906
πŸ”— https://hackerone.com/reports/1078002
πŸ”— https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE/

Related Vulnerabilities

CVE-2020-1375310.0

The bubblewrap sandbox of WebKitGTK and WPE WebKit, prior to 2.28.3, failed to properly block access to CLONE_NEWUSER and the TIOC...

CVE-2020-188910.0

A security feature bypass issue in WhatsApp Desktop versions prior to v0.3.4932 could have allowed for sandbox escape in Electron ...

CVE-2020-696610.0

In ApexPro Telemetry Server Versions 4.2 and prior, CARESCAPE Telemetry Server v4.2 & prior, Clinical Information Center (CIC) Ver...

CVE-2021-217710.0

Vulnerability in the Oracle Secure Global Desktop product of Oracle Virtualization (component: Gateway). The supported version tha...