Lucene search

[email protected]NVD:CVE-2022-39210

HistorySep 17, 2022 - 12:15 a.m.

CVE-2022-39210

2022-09-1700:15:09

CWE-200

CWE-22

[email protected]

web.nvd.nist.gov

nextcloud

android

internal files

sensitive information

upgrade

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.9%

JSON

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

Affected configurations

Nvd

Node

nextcloudnextcloudRange<3.21.0android

VendorProductVersionCPE
nextcloudnextcloud*cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
nextcloud	nextcloud	*	cpe:2.3:a:nextcloud:nextcloud::::::android::*

References

github.com/nextcloud/android/pull/10544

github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

EPSS

Percentile

9.9%

JSON

Related for NVD:CVE-2022-39210

cve1 cvelist1 hackerone1 nextcloud1 prion1 osv1