CVE-2023-28999

Public Exploit

Nextcloud: Lack of authenticity of metadata keys allows a malicious server to gain access to E2EE folders

Description

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.

References

Link	Tags
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8	vendor advisory
https://github.com/nextcloud/desktop/pull/5560	patch vendor advisory
https://ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdf	third party advisory exploit technical description

Frequently Asked Questions

What is the severity of CVE-2023-28999?: CVE-2023-28999 has been scored as a medium severity vulnerability.
How to fix CVE-2023-28999?: To fix CVE-2023-28999, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2023-28999 being actively exploited in the wild?: It is possible that CVE-2023-28999 is being exploited or will be exploited in a near future based on public information. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2023-28999?: CVE-2023-28999 affects nextcloud security-advisories.

Description

Categories

CWE-325 – Missing Cryptographic Step

CWE-311 – Missing Encryption of Sensitive Data

References

Frequently Asked Questions