csaf_opensuse - opensuse-su-2023:0171-1

opensuse-su-2023:0171-1

Vulnerability from csaf_opensuse

Published

2023-07-10 11:03

Modified

2023-07-10 11:03

Summary

Security update for nextcloud-desktop

Notes

Title of the patch

Security update for nextcloud-desktop

Description of the patch

This update for nextcloud-desktop fixes the following issues: Update ot 3.8.0 - Resize WebView widget once the loginpage rendered - Feature/secure file drop - Check German translation for wrong wording - L10n: Correct word - Fix displaying of file details button for local syncfileitem activities - Improve config upgrade warning dialog - Only accept folder setup page if overrideLocalDir is set - Update CHANGELOG. - Prevent ShareModel crash from accessing bad pointers - Bugfix/init value for pointers - Log to stdout when built in Debug config - Clean up account creation and deletion code - L10n: Added dot to end of sentence - L10n: Fixed grammar - Fix 'Create new folder' menu entries in settings not working correctly on macOS - Ci/clang tidy checks init variables - Fix share dialog infinite loading - Fix edit locally job not finding the user account: wrong user id - Skip e2e encrypted files with empty filename in metadata - Use new connect syntax - Fix avatars not showing up in settings dialog account actions until clicked on - Always discover blacklisted folders to avoid data loss when modifying selectivesync list. - Fix infinite loading in the share dialog when public link shares are disabled on the server - With cfapi when dehydrating files add missing flag - Fix text labels in Sync Status component - Display 'Search globally' as the last sharees list element - Fix display of 2FA notification. - Bugfix/do not restore virtual files - Show server name in tray main window - Add Ubuntu Lunar - Debian build classification 'beta' cannot override 'release'. - Update changelog - Follow shouldNotify flag to hide notifications when needed - Bugfix/stop after creating config file - E2EE cut extra zeroes from derypted byte array. - When local sync folder is overriden, respect this choice - Feature/e2ee fixes - This update also fixes security issues: - (boo#1205798, CVE-2022-39331) - Arbitrary HyperText Markup Language injection in notifications - (boo#1205799, CVE-2022-39332) - Arbitrary HyperText Markup Language injection in user status and information - (boo#1205800, CVE-2022-39333) - Arbitrary HyperText Markup Language injection in desktop client application - (boo#1205801, CVE-2022-39334) - Client incorrectly trusts invalid TLS certificates - (boo#1207976, CVE-2023-23942) - missing sanitisation on qml labels leading to javascript injection

Patchnames

openSUSE-2023-171

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for nextcloud-desktop",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for nextcloud-desktop fixes the following issues:\n\nUpdate ot 3.8.0\n\n  - Resize WebView widget once the loginpage rendered\n  - Feature/secure file drop\n  - Check German translation for wrong wording\n  - L10n: Correct word\n  - Fix displaying of file details button for local syncfileitem activities\n  - Improve config upgrade warning dialog\n  - Only accept folder setup page if overrideLocalDir is set\n  - Update CHANGELOG.\n  - Prevent ShareModel crash from accessing bad pointers\n  - Bugfix/init value for pointers\n  - Log to stdout when built in Debug config\n  - Clean up account creation and deletion code\n  - L10n: Added dot to end of sentence\n  - L10n: Fixed grammar\n  - Fix \u0027Create new folder\u0027 menu entries in settings not working correctly on macOS\n  - Ci/clang tidy checks init variables\n  - Fix share dialog infinite loading\n  - Fix edit locally job not finding the user account: wrong user id\n  - Skip e2e encrypted files with empty filename in metadata\n  - Use new connect syntax\n  - Fix avatars not showing up in settings dialog account actions until clicked on\n  - Always discover blacklisted folders to avoid data loss when modifying selectivesync list.\n  - Fix infinite loading in the share dialog when public link shares are disabled on the server\n  - With cfapi when dehydrating files add missing flag\n  - Fix text labels in Sync Status component\n  - Display \u0027Search globally\u0027 as the last sharees list element\n  - Fix display of 2FA notification.\n  - Bugfix/do not restore virtual files\n  - Show server name in tray main window\n  - Add Ubuntu Lunar\n  - Debian build classification \u0027beta\u0027 cannot override \u0027release\u0027.\n  - Update changelog\n  - Follow shouldNotify flag to hide notifications when needed\n  - Bugfix/stop after creating config file\n  - E2EE cut extra zeroes from derypted byte array.\n  - When local sync folder is overriden, respect this choice\n  - Feature/e2ee fixes\n\n- This update also fixes security issues:\n\n  - (boo#1205798, CVE-2022-39331)\n    - Arbitrary HyperText Markup Language injection in notifications \n  - (boo#1205799, CVE-2022-39332)\n    - Arbitrary HyperText Markup Language injection in user status and information \n  - (boo#1205800, CVE-2022-39333)\n    - Arbitrary HyperText Markup Language injection in desktop client application \n  - (boo#1205801, CVE-2022-39334)\n    - Client incorrectly trusts invalid TLS certificates \n  - (boo#1207976, CVE-2023-23942)\n    - missing sanitisation on qml labels leading to javascript injection \n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "openSUSE-2023-171",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2023_0171-1.json"
      },
      {
        "category": "self",
        "summary": "URL for openSUSE-SU-2023:0171-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MYOV4BMU2LQGVZ5NTYTI7BA3XMRNOCDF/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for openSUSE-SU-2023:0171-1",
        "url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/MYOV4BMU2LQGVZ5NTYTI7BA3XMRNOCDF/"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205798",
        "url": "https://bugzilla.suse.com/1205798"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205799",
        "url": "https://bugzilla.suse.com/1205799"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205800",
        "url": "https://bugzilla.suse.com/1205800"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1205801",
        "url": "https://bugzilla.suse.com/1205801"
      },
      {
        "category": "self",
        "summary": "SUSE Bug 1207976",
        "url": "https://bugzilla.suse.com/1207976"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-39331 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-39331/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-39332 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-39332/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-39333 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-39333/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2022-39334 page",
        "url": "https://www.suse.com/security/cve/CVE-2022-39334/"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-23942 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-23942/"
      }
    ],
    "title": "Security update for nextcloud-desktop",
    "tracking": {
      "current_release_date": "2023-07-10T11:03:58Z",
      "generator": {
        "date": "2023-07-10T11:03:58Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "openSUSE-SU-2023:0171-1",
      "initial_release_date": "2023-07-10T11:03:58Z",
      "revision_history": [
        {
          "date": "2023-07-10T11:03:58Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
                "product": {
                  "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
                  "product_id": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
                "product": {
                  "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
                  "product_id": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
                "product": {
                  "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
                  "product_id": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64"
                }
              },
              {
                "category": "product_version",
                "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
                "product": {
                  "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
                  "product_id": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64"
                }
              }
            ],
            "category": "architecture",
            "name": "aarch64"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                "product": {
                  "name": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                  "product_id": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                "product": {
                  "name": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                  "product_id": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                "product": {
                  "name": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                  "product_id": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                "product": {
                  "name": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
                  "product_id": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
                "product": {
                  "name": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
                  "product_id": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch"
                }
              },
              {
                "category": "product_version",
                "name": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
                "product": {
                  "name": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
                  "product_id": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
                }
              }
            ],
            "category": "architecture",
            "name": "noarch"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
                "product": {
                  "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
                  "product_id": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
                "product": {
                  "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
                  "product_id": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
                "product": {
                  "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
                  "product_id": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
                "product": {
                  "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
                  "product_id": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Package Hub 15 SP5",
                "product": {
                  "name": "SUSE Package Hub 15 SP5",
                  "product_id": "SUSE Package Hub 15 SP5"
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64 as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch as component of SUSE Package Hub 15 SP5",
          "product_id": "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "SUSE Package Hub 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64"
        },
        "product_reference": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64"
        },
        "product_reference": "nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        },
        "product_reference": "nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-39331",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-39331"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-39331",
          "url": "https://www.suse.com/security/cve/CVE-2022-39331"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205798 for CVE-2022-39331",
          "url": "https://bugzilla.suse.com/1205798"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-10T11:03:58Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-39331"
    },
    {
      "cve": "CVE-2022-39332",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-39332"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-39332",
          "url": "https://www.suse.com/security/cve/CVE-2022-39332"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205799 for CVE-2022-39332",
          "url": "https://bugzilla.suse.com/1205799"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-10T11:03:58Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-39332"
    },
    {
      "cve": "CVE-2022-39333",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-39333"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-39333",
          "url": "https://www.suse.com/security/cve/CVE-2022-39333"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205800 for CVE-2022-39333",
          "url": "https://bugzilla.suse.com/1205800"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 6.1,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-10T11:03:58Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2022-39333"
    },
    {
      "cve": "CVE-2022-39334",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2022-39334"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2022-39334",
          "url": "https://www.suse.com/security/cve/CVE-2022-39334"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1205801 for CVE-2022-39334",
          "url": "https://bugzilla.suse.com/1205801"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-10T11:03:58Z",
          "details": "low"
        }
      ],
      "title": "CVE-2022-39334"
    },
    {
      "cve": "CVE-2023-23942",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-23942"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
          "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
          "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-23942",
          "url": "https://www.suse.com/security/cve/CVE-2023-23942"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1207976 for CVE-2023-23942",
          "url": "https://bugzilla.suse.com/1207976"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          },
          "products": [
            "SUSE Package Hub 15 SP5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "SUSE Package Hub 15 SP5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:caja-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:cloudproviders-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync-devel-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:libnextcloudsync0-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nautilus-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nemo-extension-nextcloud-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-doc-3.8.0-bp155.2.3.1.noarch",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.aarch64",
            "openSUSE Leap 15.5:nextcloud-desktop-dolphin-3.8.0-bp155.2.3.1.x86_64",
            "openSUSE Leap 15.5:nextcloud-desktop-lang-3.8.0-bp155.2.3.1.noarch"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-07-10T11:03:58Z",
          "details": "moderate"
        }
      ],
      "title": "CVE-2023-23942"
    }
  ]
}

CVE-2022-39332 (GCVE-0-2022-39332)

Vulnerability from cvelistv5

Published

2022-11-25 00:00

Modified

2025-04-22 16:00

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

References

►

URL

Tags

	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p
	https://github.com/nextcloud/desktop/pull/4972
	https://hackerone.com/reports/1707977

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 3.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.115Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/pull/4972"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1707977"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39332",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:55.863713Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:00:19.395Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application via user status and information. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-25T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-q9f6-4r6r-h74p"
        },
        {
          "url": "https://github.com/nextcloud/desktop/pull/4972"
        },
        {
          "url": "https://hackerone.com/reports/1707977"
        }
      ],
      "source": {
        "advisory": "GHSA-q9f6-4r6r-h74p",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site scripting (XSS) in Nextcloud Desktop Client "
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39332",
    "datePublished": "2022-11-25T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:00:19.395Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2023-23942 (GCVE-0-2023-23942)

Vulnerability from cvelistv5

Published

2023-02-06 20:23

Modified

2025-03-10 21:15

Severity ?

5.4 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue.

References

►

URL

Tags

	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg	x_refsource_CONFIRM
	https://github.com/nextcloud/desktop/pull/5233	x_refsource_MISC
	https://hackerone.com/reports/1788598	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 3.6.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T10:49:08.445Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg"
          },
          {
            "name": "https://github.com/nextcloud/desktop/pull/5233",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/pull/5233"
          },
          {
            "name": "https://hackerone.com/reports/1788598",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1788598"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-23942",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-03-10T20:58:23.470933Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-03-10T21:15:57.175Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Nextcloud Desktop Client is a tool to synchronize files from a Nextcloud Server with your computer. Versions prior to 3.6.3 are missing sanitisation on qml labels which are used for basic HTML elements such as `strong`, `em` and `head` lines in the UI of the desktop client. The lack of sanitisation may allow for javascript injection. It is recommended that the Nextcloud Desktop Client is upgraded to 3.6.3. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 5.4,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "CHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-02-06T20:23:06.072Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-64qc-vf6v-8xgg"
        },
        {
          "name": "https://github.com/nextcloud/desktop/pull/5233",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/desktop/pull/5233"
        },
        {
          "name": "https://hackerone.com/reports/1788598",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1788598"
        }
      ],
      "source": {
        "advisory": "GHSA-64qc-vf6v-8xgg",
        "discovery": "UNKNOWN"
      },
      "title": "Self reflected HTML injection in Desktop client"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-23942",
    "datePublished": "2023-02-06T20:23:06.072Z",
    "dateReserved": "2023-01-19T21:12:31.362Z",
    "dateUpdated": "2025-03-10T21:15:57.175Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39334 (GCVE-0-2022-39334)

Vulnerability from cvelistv5

Published

2022-11-25 00:00

Modified

2025-04-22 15:59

Severity ?

3.9 (Low) - CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-295 - Improper Certificate Validation

Summary

Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server.

References

►

URL

Tags

	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv
	https://github.com/nextcloud/desktop/issues/4927
	https://github.com/nextcloud/desktop/pull/5022
	https://hackerone.com/reports/1699740

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 3.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.104Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/issues/4927"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/pull/5022"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1699740"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39334",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:45.580603Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T15:59:53.227Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud also ships a CLI utility called nextcloudcmd which is sometimes used for automated scripting and headless servers. Versions of nextcloudcmd prior to 3.6.1 would incorrectly trust invalid TLS certificates, which may enable a Man-in-the-middle attack that exposes sensitive data or credentials to a network attacker. This affects the CLI only. It does not affect the standard GUI desktop Nextcloud clients, and it does not affect the Nextcloud server."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 3.9,
            "baseSeverity": "LOW",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-295",
              "description": "CWE-295: Improper Certificate Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-03-06T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-82xx-98xv-4jxv"
        },
        {
          "url": "https://github.com/nextcloud/desktop/issues/4927"
        },
        {
          "url": "https://github.com/nextcloud/desktop/pull/5022"
        },
        {
          "url": "https://hackerone.com/reports/1699740"
        }
      ],
      "source": {
        "advisory": "GHSA-82xx-98xv-4jxv",
        "discovery": "UNKNOWN"
      },
      "title": "nextcloudcmd incorrectly trusts bad TLS certificates"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39334",
    "datePublished": "2022-11-25T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T15:59:53.227Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39331 (GCVE-0-2022-39331)

Vulnerability from cvelistv5

Published

2022-11-25 00:00

Modified

2025-04-22 16:00

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

References

►

URL

Tags

	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5
	https://github.com/nextcloud/desktop/pull/4944
	https://hackerone.com/reports/1668028

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 3.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.041Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/pull/4944"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1668028"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39331",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:41:00.460239Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:00:31.074Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-25T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3xh-q694-6rc5"
        },
        {
          "url": "https://github.com/nextcloud/desktop/pull/4944"
        },
        {
          "url": "https://hackerone.com/reports/1668028"
        }
      ],
      "source": {
        "advisory": "GHSA-c3xh-q694-6rc5",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site Scripting (XSS) in Nexcloud Desktop Client"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39331",
    "datePublished": "2022-11-25T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:00:31.074Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

CVE-2022-39333 (GCVE-0-2022-39333)

Vulnerability from cvelistv5

Published

2022-11-25 00:00

Modified

2025-04-22 16:00

Severity ?

4.6 (Medium) - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N

CWE

CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Summary

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

References

►

URL

Tags

	https://github.com/nextcloud/desktop/pull/4972
	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8
	https://hackerone.com/reports/1711847

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 3.6.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T12:00:44.081Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/desktop/pull/4972"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1711847"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2022-39333",
                "options": [
                  {
                    "Exploitation": "poc"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-04-22T15:40:50.784199Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-04-22T16:00:06.854Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.6.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 4.6,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-79",
              "description": "CWE-79: Improper Neutralization of Input During Web Page Generation (\u0027Cross-site Scripting\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-11-25T00:00:00.000Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "url": "https://github.com/nextcloud/desktop/pull/4972"
        },
        {
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-92p9-x79h-2mj8"
        },
        {
          "url": "https://hackerone.com/reports/1711847"
        }
      ],
      "source": {
        "advisory": "GHSA-92p9-x79h-2mj8",
        "discovery": "UNKNOWN"
      },
      "title": "Cross-site scripting (XSS) in Nextcloud Desktop Client"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2022-39333",
    "datePublished": "2022-11-25T00:00:00.000Z",
    "dateReserved": "2022-09-02T00:00:00.000Z",
    "dateUpdated": "2025-04-22T16:00:06.854Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

opensuse-su-2023:0171-1

Vulnerability from csaf_opensuse

CVE-2022-39332 (GCVE-0-2022-39332)

Vulnerability from cvelistv5

CVE-2023-23942 (GCVE-0-2023-23942)

Vulnerability from cvelistv5

CVE-2022-39334 (GCVE-0-2022-39334)

Vulnerability from cvelistv5

CVE-2022-39331 (GCVE-0-2022-39331)

Vulnerability from cvelistv5

CVE-2022-39333 (GCVE-0-2022-39333)

Vulnerability from cvelistv5

Tags

Sightings

Nomenclature