CVE-2021-37617: 
Nextcloud Desktop Client vulnerability analysis and mitigation

The Nextcloud Desktop Client, a tool for synchronizing files from Nextcloud Server with a computer, contained a security vulnerability (CVE-2021-37617) affecting versions 3.0.3 through 3.2.4. The vulnerability was discovered and disclosed in August 2021, where the client would search for the Uninstall.exe file in a folder that could be written by regular users during installation (Nextcloud Advisory).

The vulnerability stems from an untrusted search path element where the Desktop Client would invoke its uninstaller script during installation to remove remnants of previous installations. The critical flaw was that the client searched for the Uninstall.exe file in a user-writable location. The vulnerability has been assigned a CVSS v3.1 base score of 7.3 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow a malicious user to create a malicious Uninstall.exe file, which would then be executed with administrative privileges during the Nextcloud Desktop Client installation process (Nextcloud Advisory).

The vulnerability was patched in Nextcloud Desktop Client version 3.3.0. For users unable to upgrade immediately, two workarounds were recommended: 1) Prevent untrusted users from creating content in the C:\ system folder, and 2) Verify that there is no malicious C:\Uninstall.exe file present on the system (Nextcloud Advisory).