{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-41882", "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "dateUpdated": "2024-08-03T12:56:38.248Z", "dateReserved": "2022-09-30T00:00:00", "datePublished": "2022-11-11T00:00:00"}, "containers": {"cna": {"title": "Nextcloud Desktop vulnerable to code injection via malicious link", "providerMetadata": {"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M", "dateUpdated": "2022-11-11T00:00:00"}, "descriptions": [{"lang": "en", "value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. \"vbs\", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused."}], "affected": [{"vendor": "nextcloud", "product": "security-advisories", "versions": [{"version": "= 3.6.0", "status": "affected"}]}], "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63"}, {"url": "https://github.com/nextcloud/desktop/pull/5039"}, {"url": "https://github.com/nextcloud/server/pull/34559"}, {"url": "https://github.com/nextcloud/desktop/releases/tag/v3.6.1"}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "LOW", "userInteraction": "REQUIRED", "scope": "CHANGED", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM"}}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "CWE-94: Improper Control of Generation of Code ('Code Injection')", "cweId": "CWE-94"}]}], "source": {"advisory": "GHSA-3w86-rm38-8w63", "discovery": "UNKNOWN"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:56:38.248Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63", "tags": ["x_transferred"]}, {"url": "https://github.com/nextcloud/desktop/pull/5039", "tags": ["x_transferred"]}, {"url": "https://github.com/nextcloud/server/pull/34559", "tags": ["x_transferred"]}, {"url": "https://github.com/nextcloud/desktop/releases/tag/v3.6.1", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:desktop:3.6.0:-:*:*:*:*:*:*", "matchCriteriaId": "EF2F9B20-46C3-48F1-89C0-9A13DA72729B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. \"vbs\", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused."}, {"lang": "es", "value": "Nextcloud Desktop Client es una herramienta para sincronizar archivos desde Nextcloud Server con su computadora. En la versi\u00f3n 3.6.0, si un usuario recibe un archivo compartido malicioso y lo sincroniza localmente o habilita el sistema de archivos virtual y hace clic en un enlace nc://open/, se abrir\u00e1 el editor predeterminado para el tipo de archivo compartido, que En Windows, a veces tambi\u00e9n puede significar que se est\u00e1 ejecutando un archivo seg\u00fan el tipo, p. ej. \"vbs\". Se recomienda actualizar el cliente de escritorio Nextcloud a la versi\u00f3n 3.6.1. Como workaround, los usuarios pueden bloquear el cliente de escritorio Nextcloud 3.6.0 configurando la configuraci\u00f3n del sistema `minimum.supported.desktop.version` en `3.6.1` en el servidor, de modo que no se descarguen nuevos archivos dise\u00f1ados para dejar de utilizar este vector de ataque. Los archivos ya existentes a\u00fan se pueden utilizar. Otra soluci\u00f3n ser\u00eda obligar a que se acepten recursos compartidos configurando la configuraci\u00f3n del sistema `sharing.force_share_accept` en `true` en el servidor, de modo que los archivos nuevos dise\u00f1ados para usar este vector de ataque ya no se descarguen. Todav\u00eda se puede abusar de las acciones ya existentes."}], "id": "CVE-2022-41882", "lastModified": "2022-11-16T16:40:15.513", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 6.6, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L", "version": "3.1"}, "exploitabilityScore": 0.8, "impactScore": 5.3, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-11-11T19:15:11.323", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/desktop/pull/5039"}, {"source": "security-advisories@github.com", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/nextcloud/desktop/releases/tag/v3.6.1"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/server/pull/34559"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-94"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-94"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}