CNNVD-202512-651 Information
CNNVD ID
CNNVD-202512-651
Related CVE
- CNNVD Published: 2025-12-05
Description (Chinese)
Nextcloud Desktop Client是Nextcloud GmbH的一个开源的文件同步和共享工具。 Nextcloud Desktop Client 3.16.5之前版本存在安全漏洞,该漏洞源于端到端加密目录中文件路径未加密发送,可能导致信息泄露。
Description (English)
Nextcloud Desktop Clinic is an open-source file synchronization and sharing tool for Nextcloud GmbH. There is a security loophole in the previous version of Nextcloud Desktop Clinic 3.16.5, which stems from the unencrypted transmission of the file path in the end-to-end encrypted directory, which may lead to a leak of information.
Hazard Level
Critical
Vulnerability Type
其他
Affected Vendor
Nextcloud GmbH
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/desktop/commit/36d6c234d42b06a6f2e9de3e413a5c3c625edad6 https://github.com/nextcloud/desktop/pull/8330 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-h9xj-qh76-q3hw https://hackerone.com/reports/3159877
Patch
https://nextcloud.com/install/
Share on: