Skip to content

End to end encryption folder locking is not properly protected

Low
LukasReschke published GHSA-3829-45wm-ww36 Jun 1, 2021

Package

Nextcloud End-to-End Encryption

Affected versions

< 1.5.3, < 1.6.3, < 1.7.1

Patched versions

1.5.3, 1.6.3, 1.7.1

Description

Impact

The Nextcloud End-to-End Encryption app before 1.5.3, 1.6.3 and 1.7.1 allowed any authenticated users to lock files of other users. Resulting in a temporary denial of service attack.

Patches

It is recommended that the Nextcloud End-To-End Encryption App is upgraded to 1.5.3, 1.6.3 or 1.7.1.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-22906

Weaknesses

Credits