CVE-2024-46958

Summary

CVE-2024-46958 identifies a critical vulnerability in Nextcloud Desktop Client versions 3.13.1 to 3.13.3 on Linux, where synchronized files may become world writable or world readable, compromising data integrity and confidentiality. The flaw poses significant risks to organizations as it allows unauthorized access to sensitive files without requiring user interaction or special privileges, potentially leading to data breaches. Remediation is available by updating the software to version 3.13.4, which addresses the vulnerability. The vulnerability has a CVSS base score of 9.1, indicating a high severity level, and an exploitability score of 3.9, reflecting its potential impact on affected systems. Organizations using these affected versions are advised to implement the update promptly to mitigate risks associated with this vulnerability.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.