CVE-2021-32658

Опубликовано: 08 июн. 2021

Источник: nvd

CVSS3: 4.7

CVSS3: 4.6

CVSS2: 2.1

EPSS Низкий

Описание

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1

Ссылки

https://github.com/nextcloud/android/commit/355f3c745b464b741b20a3b96597303490c26333
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g5gf-rmhm-wpxw
Third Party Advisory
https://hackerone.com/reports/1189168
Exploit
Patch
Third Party Advisory
https://github.com/nextcloud/android/commit/355f3c745b464b741b20a3b96597303490c26333
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g5gf-rmhm-wpxw
Third Party Advisory
https://hackerone.com/reports/1189168
Exploit
Patch
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

Версия до 3.16.1 (исключая)

EPSS

Процентиль: 35%

0.00143

Низкий

4.7 Medium

CVSS3

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

CWE-212

EPSS

Процентиль: 35%

0.00143

Низкий

4.7 Medium

CVSS3

4.6 Medium

CVSS3

2.1 Low

CVSS2

Дефекты

CWE-200

CWE-212