openSUSE-SU-2021:0577-1
See a problem?- Import Source
- https://ftp.suse.com/pub/projects/security/osv/openSUSE-SU-2021:0577-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/openSUSE-SU-2021:0577-1
- Upstream
- Related
- Published
- 2021-04-19T12:08:02Z
- Modified
- 2025-05-07T18:12:30.341504Z
- Summary
- Security update for nextcloud-desktop
- Details
-
This update for nextcloud-desktop fixes the following issues:
nextcloud-desktop was updated to 3.1.3:
- desktop#2884 [stable-3.1] Add support for Hirsute
- desktop#2920 [stable-3.1] Validate sensitive URLs to onle allow http(s) schemes.
- desktop#2926 [stable-3.1] Validate the providers ssl certificate
- desktop#2939 Bump release to 3.1.3
This also fix security issues:
(boo#1184770, CVE-2021-22879, NC-SA-2021-008 , CWE-99)
Nextcloud Desktop Client prior to 3.1.3 is vulnerable to resource injection by way of missing validation of URLs, allowing a malicious server to execute remote commands. User interaction is needed for exploitation.
- References
Affected packages
openSUSE:Leap 15.2 / nextcloud-desktop
Package
- Name
- nextcloud-desktop
- Purl
- pkg:rpm/opensuse/nextcloud-desktop&distro=openSUSE%20Leap%2015.2
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed3.1.3-lp152.2.6.1
Ecosystem specific
{
"binaries": [
{
"nextcloud-desktop-lang": "3.1.3-lp152.2.6.1",
"libnextcloudsync-devel": "3.1.3-lp152.2.6.1",
"nextcloud-desktop-doc": "3.1.3-lp152.2.6.1",
"nemo-extension-nextcloud": "3.1.3-lp152.2.6.1",
"libnextcloudsync0": "3.1.3-lp152.2.6.1",
"caja-extension-nextcloud": "3.1.3-lp152.2.6.1",
"nextcloud-desktop-dolphin": "3.1.3-lp152.2.6.1",
"nextcloud-desktop": "3.1.3-lp152.2.6.1",
"nautilus-extension-nextcloud": "3.1.3-lp152.2.6.1"
}
]
}