← voltar
CVE-2022-24886

Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client

CVSS 2.2 LOWEPSS 0.4%CWE-200
Vexday Risk Score
8Baixo
Decisão SSVC (CISA)
Track
Sem sinal de exploração → monitorar
CVSS 2.2EPSS 0.4%KEV nãoPoC Nuclei Metasploit Patch
Ciclo de vida
27 abr 2022Publicada no NVD
Recomendação: Monitorar — sem sinal de exploração no momento.
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Produtos afetados
nextcloud · security-advisories

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →
Referências
https://github.com/nextcloud/android/pull/9726https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmqhttps://hackerone.com/reports/1161401