CVE-2024-37885

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. A code injection vulnerability in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when the client was started with DYLD_INSERT_LIBRARIES set in the environment. It is recommended that the Nextcloud Desktop client is upgraded to 3.12.0.
Configurations

Configuration 1

AND
cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*

History

21 Nov 2024, 09:24

Type: References
  Removed: () https://github.com/nextcloud/desktop/pull/6378 - Patch
  Added: () https://github.com/nextcloud/desktop/pull/6378 - Patch
Type: References
  Removed: () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7 - Patch, Third Party Advisory
  Added: () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7 - Patch, Third Party Advisory
Type: References
  Removed: () https://hackerone.com/reports/2307625 - Issue Tracking
  Added: () https://hackerone.com/reports/2307625 - Issue Tracking
Type: CVSS
  Removed: v2 : unknown, v3 : 7.8
  Added: v2 : unknown, v3 : 3.8

19 Aug 2024, 16:10

Type: References
  Removed: () https://github.com/nextcloud/desktop/pull/6378 -
  Added: () https://github.com/nextcloud/desktop/pull/6378 - Patch
Type: References
  Removed: () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7 -
  Added: () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-4mf7-v63m-99p7 - Patch, Third Party Advisory
Type: References
  Removed: () https://hackerone.com/reports/2307625 -
  Added: () https://hackerone.com/reports/2307625 - Issue Tracking
Type: CVSS
  Removed: v2 : unknown, v3 : 3.8
  Added: v2 : unknown, v3 : 7.8
Type: CPE
  Added: cpe:2.3:a:nextcloud:desktop:*:*:*:*:*:*:*:*
  Added: cpe:2.3:o:apple:macos:-:*:*:*:*:*:*:*
Type: First Time
  Added: Apple macos
  Added: Nextcloud desktop
  Added: Apple
  Added: Nextcloud

17 Jun 2024, 12:42

Type: Summary
  Added: (es) Nextcloud Desktop Client is a tool for synchronizing files from Nextcloud Server with your computer. A code injection in Nextcloud Desktop Client for macOS allowed arbitrary code to be loaded when starting the client with DYLD_INSERT_LIBRARIES set in the environment. It is recommended to upgrade the Nextcloud desktop client to 3.12.0.

14 Jun 2024, 16:15

Type: New CVE

Information

Published : 2024-06-14 16:15

Updated : 2024-11-21 09:24


NVD link : CVE-2024-37885

Mitre link : CVE-2024-37885

CVE.ORG link : CVE-2024-37885



Products Affected

apple

  • macos

nextcloud

  • desktop
CWE
CWE-94

Improper Control of Generation of Code ('Code Injection')