Insecure Inherited Permissions in desktop - CVE-2024-46958
Published: November 19, 2024
Vulnerability identifier: #VU100602
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2024-46958
CWE-ID: CWE-277
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Nextcloud
Affected software:
desktop
Detailed vulnerability description
The vulnerability allows an attacker with physical access to escalate privileges on the system.
The vulnerability exists because the desktop client creates folders with world-readable and world-writable permissions on Linux, which can lead to privilege escalation.
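One way to check a local sync folder for directories carrying the permissions described above, and to clear them. This is an added example, not code from Nextcloud or from this advisory. The function names and the temporary sample tree are constructed for illustration, and it assumes the folder only needs to be reachable by its owner and group.

```python
import os
import stat
import tempfile

OTHER_BITS = stat.S_IROTH | stat.S_IWOTH | stat.S_IXOTH  # rwx for "other"


def find_world_writable_dirs(root):
    """Return one record per directory under root (root included) that any
    local user can write to, noting whether it is also world-readable."""
    findings = []
    for dirpath, _dirs, _files in os.walk(root):  # does not follow symlinks
        mode = stat.S_IMODE(os.lstat(dirpath).st_mode)
        if mode & stat.S_IWOTH:
            findings.append({
                "path": dirpath,
                "mode": oct(mode),
                "world_readable": bool(mode & stat.S_IROTH),
                "sticky": bool(mode & stat.S_ISVTX),
            })
    return findings


def tighten(path):
    """Clear all "other" bits on one directory; return the new mode."""
    new_mode = stat.S_IMODE(os.lstat(path).st_mode) & ~OTHER_BITS
    os.chmod(path, new_mode)
    return new_mode


def build_demo_tree():
    """Constructed sample: a temporary 'sync root' with three folders."""
    root = tempfile.mkdtemp(prefix="sync-demo-")  # created 0o700
    for name, mode in (("shared", 0o777), ("normal", 0o755), ("private", 0o700)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # set explicitly so umask does not interfere
    return root


if __name__ == "__main__":
    demo = build_demo_tree()
    for item in find_world_writable_dirs(demo):
        print(item["path"], item["mode"], "->", oct(tighten(item["path"])))
    print("remaining:", find_world_writable_dirs(demo))
```

To audit a real sync folder, pass its path to `find_world_writable_dirs` and review the findings before calling `tighten`.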
How to mitigate CVE-2024-46958
Install updates from the vendor's website.