Описание
Microsoft OneDrive for Android Information Disclosure Vulnerability
FAQ
According to the CVSS metric, the attack vector is local (AV:L). Why does the CVE title indicate that this is information disclosure?
The attack itself is carried out locally. For example, when the score indicates that the Attack Vector is Local (AV:L) and User Interaction is Required (UI:R), this could describe an exploit in which an attacker, through social engineering, convinces a victim to download and run a malicious application. This could lead to a local attack on the user's device which could leak data.
How do I get the update for OneDrive for Android?
- Tap the Google Play icon on your home screen.
- Swipe in from the left edge of the screen.
- Tap My apps & games.
- Tap the Update box next to the OneDrive app.
Is there a direct link on the web?
Yes: https://play.google.com/store/apps/details?id=com.microsoft.skydrive&hl=en_US
According to the CVSS metric, successful exploitation of this vulnerability could lead to total loss of confidentiality (C:H)? What does that mean for this vulnerability?
This vulnerability could disclose Android/local URIs, to which OneDrive has been granted access, to the attacker.
Возможность эксплуатации
Publicly Disclosed
Exploited
Latest Software Release
DOS
EPSS
5.5 Medium
CVSS3
Связанные уязвимости
Microsoft OneDrive for Android Information Disclosure Vulnerability
Microsoft OneDrive for Android Information Disclosure Vulnerability
Уязвимость службы размещения файлов OneDrive for Android, связанная с отсутствием защиты служебных данных, позволяющая нарушителю получить доступ к защищаемой информации
EPSS
5.5 Medium
CVSS3