cve-2022-41882
Vulnerability from cvelistv5
Published
2022-11-11 00:00
Modified
2024-08-03 12:56
Severity ?
6.6 (Medium) - CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L
Summary
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. "vbs", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused.
References
security-advisories@github.comhttps://github.com/nextcloud/desktop/pull/5039Patch, Third Party Advisory
security-advisories@github.comhttps://github.com/nextcloud/desktop/releases/tag/v3.6.1Release Notes, Third Party Advisory
security-advisories@github.comhttps://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63Third Party Advisory
security-advisories@github.comhttps://github.com/nextcloud/server/pull/34559Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/desktop/pull/5039Patch, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/desktop/releases/tag/v3.6.1Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/nextcloud/server/pull/34559Patch, Third Party Advisory
Impacted products
Vendor Product Version
nextcloud security-advisories Version: = 3.6.0
 Create a notification for this product.
Show details on NVD website

To clipboard 

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:56:38.248Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/pull/5039"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/server/pull/34559"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/releases/tag/v3.6.1"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "= 3.6.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. \"vbs\", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "LOCAL",
            "availabilityImpact": "LOW",
            "baseScore": 6.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-94",
              "description": "CWE-94: Improper Control of Generation of Code (\u0027Code Injection\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-11T00:00:00",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63"
        },
        {
          "url": "https://github.com/nextcloud/desktop/pull/5039"
        },
        {
          "url": "https://github.com/nextcloud/server/pull/34559"
        },
        {
          "url": "https://github.com/nextcloud/desktop/releases/tag/v3.6.1"
        }
      ],
      "source": {
        "advisory": "GHSA-3w86-rm38-8w63",
        "discovery": "UNKNOWN"
      },
      "title": "Nextcloud Desktop vulnerable to code injection via malicious link"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-41882",
    "datePublished": "2022-11-11T00:00:00",
    "dateReserved": "2022-09-30T00:00:00",
    "dateUpdated": "2024-08-03T12:56:38.248Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2022-41882\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2022-11-11T19:15:11.323\",\"lastModified\":\"2024-11-21T07:23:58.950\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share and has it synced locally or the virtual filesystem enabled and clicked a nc://open/ link it will open the default editor for the file type of the shared file, which on Windows can also sometimes mean that a file depending on the type, e.g. \\\"vbs\\\", is being executed. It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the `minimum.supported.desktop.version` system config to `3.6.1` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing files can still be used. Another workaround would be to enforce shares to be accepted by setting the `sharing.force_share_accept` system config to `true` on the server, so new files designed to use this attack vector are not downloaded anymore. Already existing shares can still be abused.\"},{\"lang\":\"es\",\"value\":\"Nextcloud Desktop Client es una herramienta para sincronizar archivos desde Nextcloud Server con su computadora. En la versi\u00f3n 3.6.0, si un usuario recibe un archivo compartido malicioso y lo sincroniza localmente o habilita el sistema de archivos virtual y hace clic en un enlace nc://open/, se abrir\u00e1 el editor predeterminado para el tipo de archivo compartido, que En Windows, a veces tambi\u00e9n puede significar que se est\u00e1 ejecutando un archivo seg\u00fan el tipo, p. ej. \\\"vbs\\\". Se recomienda actualizar el cliente de escritorio Nextcloud a la versi\u00f3n 3.6.1. Como workaround, los usuarios pueden bloquear el cliente de escritorio Nextcloud 3.6.0 configurando la configuraci\u00f3n del sistema `minimum.supported.desktop.version` en `3.6.1` en el servidor, de modo que no se descarguen nuevos archivos dise\u00f1ados para dejar de utilizar este vector de ataque. Los archivos ya existentes a\u00fan se pueden utilizar. Otra soluci\u00f3n ser\u00eda obligar a que se acepten recursos compartidos configurando la configuraci\u00f3n del sistema `sharing.force_share_accept` en `true` en el servidor, de modo que los archivos nuevos dise\u00f1ados para usar este vector de ataque ya no se descarguen. Todav\u00eda se puede abusar de las acciones ya existentes.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:H/A:L\",\"baseScore\":6.6,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"REQUIRED\",\"scope\":\"CHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":0.8,\"impactScore\":5.3},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-94\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:nextcloud:desktop:3.6.0:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"EF2F9B20-46C3-48F1-89C0-9A13DA72729B\"}]}]}],\"references\":[{\"url\":\"https://github.com/nextcloud/desktop/pull/5039\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/desktop/releases/tag/v3.6.1\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/server/pull/34559\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/desktop/pull/5039\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/desktop/releases/tag/v3.6.1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3w86-rm38-8w63\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://github.com/nextcloud/server/pull/34559\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.