CVE-2022-24886

Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client

CVSS 2.2 LOWEPSS 0.4%CWE-200

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 2.2EPSS 0.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

27 abr 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.

CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Productos afectados

nextcloud · security-advisories

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/nextcloud/android/pull/9726 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmq https://hackerone.com/reports/1161401