CVE-2022-39210

Access to internal files of the Nextcloud Android app

CVSS 3.2 LOWEPSS 0.3%CWE-200 CWE-22

Vexday Risk Score

8Bajo

Decisión SSVC (CISA)

Track

Sin señal de explotación → monitorear

CVSS 3.2EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —

Ciclo de vida

16 sep 2022Publicada en NVD

Recomendación: Monitorear — sin señal de explotación por ahora.

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Productos afectados

nextcloud · security-advisories

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/nextcloud/android/pull/10544 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f