CVE-2022-39331
MEDIUM5.4EPSS 0.47%nextcloud-desktop - security update
發布日:2022/11/25修改日:2026/3/9
也稱為:DEBIAN-CVE-2022-39331DEBIAN-CVE-2022-39332DEBIAN-CVE-2022-39333DEBIAN-CVE-2022-39334DEBIAN-CVE-2023-28997DLA-4303-1
描述
Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.
受影響套件(2)
- Debian/nextcloud-desktopfrom 0, < 3.1.1-2+deb11u2
- Debian/nextcloud-desktopfrom 0, < 3.1.1-2+deb11u2
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM5.4 | CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N |