CVE-2024-37885

high

Description

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed to load arbitrary code when starting the client with DYLD_INSERT_LIBRARIES set in the enviroment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.

References

https://hackerone.com/reports/2307625

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7

https://github.com/nextcloud/desktop/pull/6378

Details

Source: Mitre, NVD

Published: 2024-06-14

Updated: 2024-08-19

Risk Information

CVSS v2

Base Score: 6.8

Vector: CVSS2#AV:L/AC:L/Au:S/C:C/I:C/A:C

Severity: Medium

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High