CVE-2024-46958
CRITICAL9.1EPSS 0.15%Published: 9/16/2024Modified: 4/28/2026
Description
In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.
Affected packages (1)
- Debian/nextcloud-desktopfrom 0, < 3.15.0-1
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.1 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N |