Medium severity6.9NVD Advisory· Published Apr 4, 2023· Updated Jun 17, 2026
CVE-2023-28999
CVE-2023-28999
Description
Nextcloud is an open-source productivity platform. In Nextcloud Desktop client 3.0.0 until 3.8.0, Nextcloud Android app 3.13.0 until 3.25.0, and Nextcloud iOS app 3.0.5 until 4.8.0, a malicious server administrator can gain full access to an end-to-end encrypted folder. They can decrypt files, recover the folder structure and add new files. This issue is fixed in Nextcloud Desktop 3.8.0, Nextcloud Android 3.25.0, and Nextcloud iOS 4.8.0. No known workarounds are available.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
5- Range: 3.0.0-3.8.0
- Range: 3.13.0-3.25.0
- Range: 3.0.5-4.8.0
- nextcloud/security-advisoriesv5Range: >= 3.0.0, < 3.8.0
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/desktop/pull/5560nvdPatchVendor Advisory
- ethz.ch/content/dam/ethz/special-interest/infk/inst-infsec/appliedcrypto/education/theses/report_DanieleCoppola.pdfnvdExploitTechnical DescriptionThird Party Advisory
- github.com/nextcloud/security-advisories/security/advisories/GHSA-8875-wxww-3rr8nvdVendor Advisory
News mentions
0No linked articles in our index yet.