CVE-2021-37617
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H
Summary
The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with a computer. The Nextcloud Desktop Client invokes its uninstaller script when being installed to make sure there are no remnants of previous installations. In versions 3.0.3 through 3.2.4, the Client searches the Uninstall.exe file in a folder that can be written by regular users. This could lead to a case where a malicious user creates a malicious Uninstall.exe, which would be executed with administrative privileges on the Nextcloud Desktop Client installation. This issue is fixed in Nextcloud Desktop Client version 3.3.0. As a workaround, do not allow untrusted users to create content in the C:\ system folder and verify that there is no malicious C:\Uninstall.exe file on the system.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| nextcloud | security-advisories | >= 3.0.3 , <= 3.2.4 | affected |
Weaknesses
- CWE-426: CWE-426: Untrusted Search Path
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
- https://github.com/nextcloud/desktop/pull/3497
- https://hackerone.com/reports/1240749
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6q2w-v879-q24v
- https://github.com/nextcloud/desktop/pull/3497
- https://hackerone.com/reports/1240749
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.