CSRF vulnerability in Nextcloud Desktop Client on Windows when clicking malicious link
Moderate
nickvergessen
published
GHSA-4gfv-xqpx-42qj
Jan 9, 2023
Package
Desktop
(Nextcloud)
Affected versions
3.6.1
Patched versions
3.6.2
Description
Impact
An attacker can make a user send any POST request with an arbitrary body if the user clicks a malicious deep link on a Windows computer (e.g. in an email or a chat message).
Patches
It is recommended that the Nextcloud Desktop client be upgraded to 3.6.2.
Workarounds
No workaround available.
References
For more information
If you have any questions or comments about this advisory: