Lucene search

GitHub_MCVELIST:CVE-2023-49790

HistoryDec 22, 2023 - 4:19 p.m.

CVE-2023-49790 App PIN code can be bypassed in Nextcloud Files iOS

2023-12-2216:19:28

CWE-287

GitHub_M

www.cve.org

nextcloud

ios

files app

pin code

bypass

vulnerability

upgrade

patch

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.

CNA Affected

[
  {
    "vendor": "nextcloud",
    "product": "security-advisories",
    "versions": [
      {
        "version": "< 4.9.2",
        "status": "affected"
      }
    ]
  }
]

References

github.com/nextcloud/ios/pull/2665

github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv

hackerone.com/reports/2245437

4.3 Medium

CVSS3

Attack Vector

PHYSICAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

LOW

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

4.6 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

17.1%

JSON

Related for CVELIST:CVE-2023-49790