CVE-2021-32695

Опубликовано: 17 июн. 2021

Источник: nvd

CVSS3: 3.9

CVSS3: 3.3

CVSS2: 4.3

EPSS Низкий

Описание

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.

Ссылки

https://github.com/nextcloud/android/pull/8433
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-25m9-cf6c-qf2c
Third Party Advisory
https://hackerone.com/reports/1142918
Exploit
Third Party Advisory
https://github.com/nextcloud/android/pull/8433
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-25m9-cf6c-qf2c
Third Party Advisory
https://hackerone.com/reports/1142918
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

Версия до 3.16.1 (исключая)

EPSS

Процентиль: 51%

0.0028

Низкий

3.9 Low

CVSS3

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo

EPSS

Процентиль: 51%

0.0028

Низкий

3.9 Low

CVSS3

3.3 Low

CVSS3

4.3 Medium

CVSS2

Дефекты

CWE-200

NVD-CWE-noinfo