Lucene search

GoogleVULNRICHMENT:CVE-2024-38272

HistoryJun 26, 2024 - 3:19 p.m.

CVE-2024-38272 Auth Bypass in Quickshare

2024-06-2615:19:31

CWE-294

Google

github.com

vulnerability

quickshare

nearby

bypass

accept file dialog

quickshare windows

upgrade

7.1 High

CVSS4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/SC:H/VI:L/SI:L/VA:L/SA:L

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows. Normally in QuickShare Windows app we can’t send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quickshare or above

CNA Affected

[
  {
    "repo": "https://github.com/google/nearby",
    "vendor": "Google",
    "product": "Nearby",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "1.0.1724.0",
        "versionType": "semver"
      }
    ],
    "collectionURL": "https://github.com/google/nearby",
    "defaultStatus": "unaffected"
  }
]

References

github.com/google/nearby/pull/2402

github.com/google/nearby/pull/2589

7.1 High

CVSS4

Attack Vector

ADJACENT

Attack Complexity

HIGH

Privileges Required

LOW

User Interaction

NONE

CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/SC:H/VI:L/SI:L/VA:L/SA:L

7.1 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

Related for VULNRICHMENT:CVE-2024-38272