DEBIAN-CVE-2024-46958

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2024-46958

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-46958.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2024-46958

Upstream

CVE-2024-46958

Published

2024-09-16T02:15:01.803Z

Modified

2025-11-19T01:12:36.661484Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

References

https://security-tracker.debian.org/tracker/CVE-2024-46958

Affected packages

Debian:13 / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/debian/nextcloud-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-46958.json"

Debian:14 / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/debian/nextcloud-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.15.0-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Database specific

source

"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2024-46958.json"