CVE-2022-39331

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-39331

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-39331.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2022-39331

Related

Published

2022-11-25T19:15:11Z

Modified

2025-01-08T08:57:44.432889Z

Downstream

openSUSE-SU-2023:0171-1

openSUSE-SU-2023:0090-1

Severity

5.4 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N CVSS Calculator

Summary

[none]

Details

Nexcloud desktop is the Desktop sync client for Nextcloud. An attacker can inject arbitrary HyperText Markup Language into the Desktop Client application in the notifications. It is recommended that the Nextcloud Desktop client is upgraded to 3.6.1. There are no known workarounds for this issue.

References

Affected packages

Debian:11 / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/debian/nextcloud-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.1.1-2

3.1.1-2+deb11u1

3.3.1-1

3.3.1-2

3.3.3-1

3.3.5-1

3.4.2-1

3.5.1-1

3.5.1-2

3.5.4-1

3.6.0-1

3.6.0-2

3.6.1-1

3.6.4-1

3.7.0-1

3.7.0-2

3.7.3-1

3.9.0-1

3.10.0-1

3.11.0-1

3.11.0-1.1~exp1

3.11.0-1.1

3.13.2-1

3.13.2-2

3.14.1-1

3.15.0-1

3.15.2-1

3.15.2-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/debian/nextcloud-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / nextcloud-desktop

Package

Name: nextcloud-desktop
Purl: pkg:deb/debian/nextcloud-desktop?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.6.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/nextcloud/desktop

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/desktop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

5dfc0caab65080b4c3c8c3ac42bac766c11ea28c

Affected versions

csync-0.*

csync-0.50.0

Other

e2e-tech-preview-1

v0.*

v0.0.2

v1.*

v1.1.0

v1.1.0-beta1

v1.1.2

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0

v1.3.0-beta1

v1.3.0-beta2

v1.3.0-beta3

v1.3.0-beta4

v1.4.0

v1.4.0-beta1

v1.4.0-beta2

v1.4.0-rc1

v1.4.1

v1.5.0

v1.5.0-beta1

v1.5.0-beta1-2nd

v1.5.0-beta2

v1.5.0-beta3

v1.5.1

v1.5.1-rc1

v1.5.2

v1.5.3

v1.5.3-rc1

v1.6.0

v1.6.0-beta1

v1.6.0-beta2

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v1.6.1

v1.6.1-rc1

v1.6.2

v1.6.2-rc1

v1.6.2-rc2

v1.6.2-themefix

v1.7.0

v1.7.0-alpha1

v1.7.0-beta1

v1.7.0-beta2

v1.7.0-beta3

v1.7.0-beta4

v1.7.0-rc1

v1.7.0beta1

v1.7.0beta2

v1.7.1-beta1

v1.7.1-rc1

v1.8.0

v1.8.0-beta1

v1.8.0-beta1a

v1.8.0-beta2

v1.8.0-rc1

v1.8.0rc1

v1.8.1

v1.8.1-beta1

v1.8.1-rc1

v1.8.1-rc2

v1.8.2

v1.8.2-beta1

v1.8.2-rc1

v1.8.3

v1.8.3-rc1

v1.8.3-rc2

v1.8.3-rc3

v2.*

v2.0.0

v2.0.0-beta2

v2.0.0-rc2

v2.0.1

v2.0.2

v2.0.2-oem

v2.0.2-rc1

v2.0.2-rc2

v2.5.0

v2.5.0-beta1

v2.5.0-beta2

v2.5.0-rc1

v2.5.0-rc2

v2.5.1

v2.5.2

v2.5.2-rc1

v2.5.3-rc1

v2.5.3-rc2

v2.7.0-beta1

v2.7.0-beta2

v2.7.0-beta3

v2.7.0-rc1

v3.*

v3.1.0

v3.1.0-rc1

v3.1.0-rc2

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.3.0

v3.3.0-rc1

v3.3.0-rc2

v3.4.0-do-not-use

v3.4.0-rc1

v3.4.0-rc2

v3.5.0

v3.5.0-rc1

v3.5.0-rc2

v3.5.0-rc3

v3.5.0-rc4

v3.6.0

v3.6.0-rc1

v3.6.0-rc2