Lucene search

NextcloudGHSA-H2GM-M374-99VC

HistoryJun 17, 2021 - 10:30 a.m.

Malicious Android application can crash the Nextcloud Android Client

2021-06-1710:30:25

github.com

malicious android app

nextcloud

client crash

upgrade

hackerone

pull request

security advisories

support

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.7%

JSON

Description

Impact

A malicious application on the same device is possible to crash the Nextcloud Android Client due to an uncaught exception.

Patches

It is recommended that the Nextcloud Android App is upgraded to 3.15.1.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Create a post in nextcloud/security-advisories
Customers: Open a support ticket at support.nextcloud.com

References

github.com/nextcloud/android/pull/7919

hackerone.com/reports/859136

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

EPSS

0.001

Percentile

46.7%

JSON

Related for GHSA-H2GM-M374-99VC