Published: 14/04/2021 Updated: 07/11/2023

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 605

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Nextcloud Desktop Client before 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nextcloud desktop
fedoraproject fedora 33

Debian Bug report logs - #987274 CVE-2021-22879 Package: nextcloud-desktop; Maintainer for nextcloud-desktop is ownCloud for Debian maintainers <pkg-owncloud-maintainers@listsaliothdebianorg>; Source for nextcloud-desktop is src:nextcloud-desktop (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> ...

Missing validation of URLs in Nextcloud Desktop Client 312 and earlier allowed a malicious server to execute code on the client User interaction was required ...

CWE-74 https://nextcloud.com/security/advisory/?id=NC-SA-2021-008 https://hackerone.com/reports/1078002 https://github.com/nextcloud/desktop/pull/2906 https://security.gentoo.org/glsa/202105-37 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/MTWBJAS5DJJIK7LLVBZZQTSJASUVIRVE/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=987274 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-22879

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-22879

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect