CVE Vulnerabilities

CVE-2024-46958

Published: Sep 16, 2024 | Modified: Mar 13, 2025
CVSS 3.x
9.1
CRITICAL
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM
root.io minimus.io echohq.com

In Nextcloud Desktop Client 3.13.1 through 3.13.3 on Linux, synchronized files (between the server and client) may become world writable or world readable. This is fixed in 3.13.4.

Affected Software

Name Vendor Start Version End Version
Desktop Nextcloud 3.13.1 (including) 3.13.4 (excluding)
Nextcloud-desktop Ubuntu focal *

References