SB2022112806 - Multiple vulnerabilities in Nextcloud desktop
Published: November 28, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 4 secuirty vulnerabilities.
1) Cross-site scripting (CVE-ID: CVE-2022-39331)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the notifications. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
2) Cross-site scripting (CVE-ID: CVE-2022-39332)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within the user status and information. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Cross-site scripting (CVE-ID: CVE-2022-39333)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in call notification popup. A remote user can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
4) Improper Certificate Validation (CVE-ID: CVE-2022-39334)
The vulnerability allows a local user to compromise the target system.
The vulnerability exists due to improper certificate verification. A local user can perform a man-in-the-middle (MitM) attack and gain access to sensitive information on the system.
Remediation
Install update from vendor's website.
References
- https://github.com/nextcloud/desktop/pull/4944
- https://hackerone.com/reports/1668028
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
- https://github.com/nextcloud/desktop/pull/4972
- https://hackerone.com/reports/1707977
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
- https://hackerone.com/reports/1711847
- https://hackerone.com/reports/1699740
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
- https://github.com/nextcloud/desktop/pull/5022
- https://github.com/nextcloud/desktop/issues/4927