CVE-2023-28999

Source
https://cve.org/CVERecord?id=CVE-2023-28999
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28999.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28999
Aliases
Downstream
Published
2023-04-04T12:51:08.241Z
Modified
2026-07-13T06:26:18.597341993Z
Severity
  • 6.9 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:L CVSS Calculator
Summary
Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders
Details

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files.​ This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.

Database specific
{
    "cna_assigner": "GitHub_M",
    "unresolved_ranges": [
        {
            "source": "AFFECTED_FIELD",
            "extracted_events": [
                {
                    "introduced": "3.13.0"
                },
                {
                    "fixed": "3.25.0"
                },
                {
                    "introduced": "3.0.5"
                },
                {
                    "fixed": "4.8.0"
                }
            ]
        }
    ],
    "cwe_ids": [
        "CWE-325"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/28xxx/CVE-2023-28999.json"
}
References

Affected packages

Git / github.com/nextcloud/android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/android
Events
Database specific
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "3.13.0"
        },
        {
            "fixed": "3.25.0"
        }
    ],
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:android:*:*:*"
}
Type
GIT
Repo
https://github.com/nextcloud/desktop
Events
Database specific
{
    "source": [
        "AFFECTED_FIELD",
        "CPE_RANGE"
    ],
    "extracted_events": [
        {
            "introduced": "3.0.0"
        },
        {
            "fixed": "3.8.0"
        }
    ],
    "cpe": "cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*"
}
Type
GIT
Repo
https://github.com/nextcloud/ios
Events
Database specific
{
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "3.0.5"
        },
        {
            "fixed": "4.8.0"
        }
    ],
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:iphone_os:*:*:*"
}

Affected versions

3.*
3.0.10
3.0.11
3.0.12
3.0.14
3.0.15
3.1.0
3.2.0
3.3.0
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.1.0
4.2.0
4.2.1
4.2.2
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.6.0
4.7.0
v3.*
v3.0.5
v3.0.6
v3.0.7
v3.0.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28999.json"
vanir_signatures
[
    {
        "source": "https://github.com/nextcloud/desktop/commit/b15f9376b2761b7dd9726aa3a110b1077ef57094",
        "digest": {
            "function_hash": "101649583395170060309763545000262885430",
            "length": 1163.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "OCC::HydrationJob::slotCheckFolderEncryptedMetadata",
            "file": "src/libsync/vfs/cfapi/hydrationjob.cpp"
        },
        "id": "CVE-2023-28999-3f19e2b9"
    },
    {
        "source": "https://github.com/nextcloud/desktop/commit/b15f9376b2761b7dd9726aa3a110b1077ef57094",
        "target": {
            "file": "src/libsync/vfs/cfapi/vfs_cfapi.cpp"
        },
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "226972522689971151640741611966896760315",
                "6761838625930364135452577204500142493",
                "323669476810890076709762257632198786258",
                "95887726979464850580531724852363227229"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "signature_version": "v1",
        "id": "CVE-2023-28999-9075e7af"
    },
    {
        "source": "https://github.com/nextcloud/desktop/commit/b15f9376b2761b7dd9726aa3a110b1077ef57094",
        "target": {
            "file": "src/libsync/clientsideencryption.cpp"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "184768993908712843135059723499629664191",
                "263677768931353285972848147053892066026",
                "17820304022799912052226267570635727754",
                "247028315761105296216753869082916283057",
                "319535011696866341067214169084501544005",
                "292697869727850455733347997137348214683",
                "8399253846568777635206679802043293474",
                "142788300903851892392876694930015003353",
                "167288391152401584260673006011530660946",
                "276384299447226568337644657957432986217"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2023-28999-9fddbf04"
    },
    {
        "source": "https://github.com/nextcloud/desktop/commit/b15f9376b2761b7dd9726aa3a110b1077ef57094",
        "target": {
            "file": "src/libsync/vfs/cfapi/hydrationjob.cpp"
        },
        "signature_type": "Line",
        "signature_version": "v1",
        "deprecated": false,
        "digest": {
            "line_hashes": [
                "157470299154970211748345832830191459969",
                "189283325233178648012609185252195439590",
                "40148955164420873735148142005907145131",
                "227522160379164553196595713112759768916"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2023-28999-bedc4517"
    },
    {
        "source": "https://github.com/nextcloud/desktop/commit/b15f9376b2761b7dd9726aa3a110b1077ef57094",
        "digest": {
            "function_hash": "174592396439734652915231344929463948220",
            "length": 1135.0
        },
        "signature_type": "Function",
        "signature_version": "v1",
        "deprecated": false,
        "target": {
            "function": "VfsCfApi::scheduleHydrationJob",
            "file": "src/libsync/vfs/cfapi/vfs_cfapi.cpp"
        },
        "id": "CVE-2023-28999-dcf1eb19"
    }
]
vanir_signatures_modified
"2026-07-09T16:45:09Z"