GitHub_MCVELIST:CVE-2022-24885CVE-2022-24885 Improper Authentication in Nextcloud Android Files
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
34.5%
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.
CNA Affected
[
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "< 3.19.1"
}
]
}
]Related
CVSS3
Attack Vector
PHYSICAL
Attack Complexity
LOW
Privileges Required
HIGH
User Interaction
REQUIRED
Scope
CHANGED
Confidentiality Impact
LOW
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
AI Score
Confidence
High
EPSS
Percentile
34.5%