CVE-2022-41882: Require token for local editing by nickvergessen · Pull Request #34559 · nextcloud/server

The Nextcloud Desktop Client is a tool to synchronize files from Nextcloud Server with your computer. In version 3.6.0, if a user received a malicious file share, has it synced locally or has the virtual filesystem enabled, and clicked a nc://open/ link, the client opens the default editor for the shared file's type; on Windows this can sometimes mean that the file is executed instead, depending on its type (e.g. "vbs"). It is recommended that the Nextcloud Desktop client is upgraded to version 3.6.1. As a workaround, users can block the Nextcloud Desktop client 3.6.0 by setting the minimum.supported.desktop.version system config to 3.6.1 on the server, so new files designed to use this attack vector are not downloaded anymore; already existing files can still be used. Another workaround is to enforce that shares must be accepted by setting the sharing.force_share_accept system config to true on the server, so new files designed to use this attack vector are not downloaded anymore; already existing shares can still be abused.


Conversation

Signed-off-by: Joas Schilling [email protected]


nickvergessen changed the title Bugfix/noid/require token for local editing Require token for local editing

Oct 12, 2022


**PVince81 left a comment**

Code scanning (Psalm) notices on the changed lines:

```php
$pathHash = sha1($path);

$entity = new OpenLocalEditor();
$entity->setUserId($this->userId);
```

Psalm, PossiblyNullArgument (Note): Argument 1 of setUserId cannot be null, possibly null value provided

```php
$pathHash = sha1($path);

try {
	$entity = $this->mapper->verifyToken($this->userId, $pathHash, $token);
```

Psalm, PossiblyNullArgument (Note): Argument 1 of OCA\Files\Db\OpenLocalEditorMapper::verifyToken cannot be null, possibly null value provided

```php
 */
class OpenLocalEditor extends Entity {
	/** @var string */
	protected $userId;
	/** @var string */
	protected $pathHash;
	/** @var int */
	protected $expirationTime;
	/** @var string */
	protected $token;
```

Psalm, PropertyNotSetInConstructor (Note), one notice per property:
- Property OCA\Files\Db\OpenLocalEditor::$userId is not defined in constructor of OCA\Files\Db\OpenLocalEditor or in any methods called in the constructor
- Property OCA\Files\Db\OpenLocalEditor::$pathHash is not defined in constructor of OCA\Files\Db\OpenLocalEditor or in any methods called in the constructor
- Property OCA\Files\Db\OpenLocalEditor::$expirationTime is not defined in constructor of OCA\Files\Db\OpenLocalEditor or in any methods called in the constructor
- Property OCA\Files\Db\OpenLocalEditor::$token is not defined in constructor of OCA\Files\Db\OpenLocalEditor or in any methods called in the constructor

```php
 * @throws MultipleObjectsReturnedException
 * @throws Exception
 */
public function verifyToken(string $userId, string $pathHash, string $token): OpenLocalEditor {
	// ... (query builder setup is not part of the review snippet)
		->andWhere($qb->expr()->eq('path_hash', $qb->createNamedParameter($pathHash)))
		->andWhere($qb->expr()->eq('token', $qb->createNamedParameter($token)));

	return $this->findEntity($qb);
```

Psalm, MoreSpecificReturnType (Note): The declared return type 'OCA\Files\Db\OpenLocalEditor' for OCA\Files\Db\OpenLocalEditorMapper::verifyToken is more specific than the inferred return type 'OCP\AppFramework\Db\Entity'

Psalm, LessSpecificReturnStatement (Note): The type 'OCP\AppFramework\Db\Entity' is more general than the declared return type 'OCA\Files\Db\OpenLocalEditor' for OCA\Files\Db\OpenLocalEditorMapper::verifyToken
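The snippets above show the shape of the fix: a token bound to the user and a sha1 hash of the path, stored with an expiration time, and looked up again before a local editor is opened. The following is an added example written for this page, not code from the pull request or from Nextcloud; it models that flow with an in-memory array standing in for the OpenLocalEditor mapper, and the class name LocalEditorTokens, the 5-minute lifetime and the one-time-use rule are assumptions, not the project's values.

```php
<?php
declare(strict_types=1);

// Added illustration of a token-gated "open local editor" check (not Nextcloud code).
final class LocalEditorTokens {
    private const TTL_SECONDS = 300; // assumption: tokens live five minutes

    /** @var list<array{userId:string,pathHash:string,token:string,expirationTime:int}> */
    private array $store = []; // stands in for the OpenLocalEditor DB table / mapper

    // Issue a token for exactly one (user, path) pair; the path is stored as sha1 like the PR.
    public function create(string $userId, string $path, int $now): string {
        $token = bin2hex(random_bytes(16)); // 128 bits from a CSPRNG
        $this->store[] = [
            'userId' => $userId,
            'pathHash' => sha1($path),
            'token' => $token,
            'expirationTime' => $now + self::TTL_SECONDS,
        ];
        return $token;
    }

    // A nc://open/ request is only honoured when it presents a token that was issued
    // for this user and this path, has not expired, and has not been used before.
    public function verify(string $userId, string $path, string $token, int $now): bool {
        $pathHash = sha1($path);
        foreach ($this->store as $i => $entry) {
            if ($entry['userId'] !== $userId || $entry['pathHash'] !== $pathHash) {
                continue; // token belongs to another user or another file
            }
            if (!hash_equals($entry['token'], $token)) {
                continue; // constant-time comparison of the secret value
            }
            unset($this->store[$i]); // consume it: one-time use, expired or not
            return $entry['expirationTime'] >= $now;
        }
        return false; // nothing issued for this user/path/token: do not open an editor
    }
}

$tokens = new LocalEditorTokens();
$t = $tokens->create('alice', '/Documents/report.odt', time());
var_dump($tokens->verify('alice', '/Documents/report.odt', $t, time()));          // valid, first use
var_dump($tokens->verify('alice', '/Documents/report.odt', $t, time()));          // same token again
var_dump($tokens->verify('alice', '/Documents/other.odt', $t, time()));           // different path
var_dump($tokens->verify('mallory', '/Documents/report.odt', $t, time()));        // different user
var_dump($tokens->verify('alice', '/Documents/report.odt', $t, time() + 3600));   // past TTL
```

Only the first call succeeds; a link that is replayed, retargeted at another file, sent to another user, or kept past its lifetime is rejected before any editor is launched.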

nickvergessen deleted the bugfix/noid/require-token-for-local-editing branch

Oct 12, 2022
