CVE-2022-39210

Опубликовано: 17 сент. 2022

Источник: nvd

CVSS3: 3.2

CVSS3: 5.5

EPSS Низкий

Описание

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

Ссылки

https://github.com/nextcloud/android/pull/10544
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f
Third Party Advisory
https://github.com/nextcloud/android/pull/10544
Patch
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

Версия до 3.21.0 (исключая)

EPSS

Процентиль: 22%

0.0007

Низкий

3.2 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-22

EPSS

Процентиль: 22%

0.0007

Низкий

3.2 Low

CVSS3

5.5 Medium

CVSS3

Дефекты

CWE-22