How severe is CVE-2023-28999?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 6.4 out of 10.

What type of vulnerability is CVE-2023-28999?

This is classified as CWE-325, which is a common weakness in software security.

CVE-2023-28999 - MEDIUM Severity | CVSS 6.4

Vulnerability Description

Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.

Related Vulnerabilities

CVE-2019-3738

MEDIUM

CVSS:6.5(Medium)

RSA BSAFE Crypto-J versions prior to 6.2.5 are vulnerable to a Missing Required Cryptographic Step vulnerability. A malicious remote attacker could potentially exploit this vulnerability to coerce two...

CWE-3252019

CVE-2023-39199

MEDIUM

CVSS:6.5(Medium)

Cryptographic issues with In-Meeting Chat for some Zoom clients may allow a privileged user to conduct an information disclosure via network access.

CWE-3252023

CVE-2023-28998

MEDIUM

CVSS:6.1(Medium)

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server. Starting with version 3.0.0 and prior to version 3.6.5, a malicious server administrator can gain full access to an e...

CWE-3252023

CVE-2018-5383

MEDIUM

CVSS:6.8(Medium)

Bluetooth firmware or operating system software drivers in macOS versions before 10.13, High Sierra and iOS versions before 11.4, and Android versions before the 2018-06-05 patch may not sufficiently ...

CWE-3252018

CVE-2020-26244

MEDIUM

CVSS:6.8(Medium)

Python oic is a Python OpenID Connect implementation. In Python oic before version 1.2.1, there are several related cryptographic issues affecting client implementations that use the library. The issu...

CWE-3252020

CVE-2022-20793

MEDIUM

CVSS:6.8(Medium)

A vulnerability in pairing process of Cisco TelePresence CE Software and RoomOS Software for Cisco Touch 10 Devices could allow an unauthenticated, remote attacker to impersonate a legitimat...

CWE-3252022