CVE-2024-38272

Опубликовано: 26 июн. 2024

Источник: nvd

CVSS3: 4.3

EPSS Низкий

Описание

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

Ссылки

https://github.com/google/nearby/pull/2402
Issue Tracking
Patch
https://github.com/google/nearby/pull/2589
Issue Tracking
Patch
https://github.com/google/nearby/pull/2402
Issue Tracking
Patch
https://github.com/google/nearby/pull/2589
Issue Tracking
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:google:nearby:*:*:*:*:*:*:*:*

Версия до 1.0.1724.0 (исключая)

EPSS

Процентиль: 2%

0.00012

Низкий

4.3 Medium

CVSS3

Дефекты

CWE-294

Связанные уязвимости

GHSA-qf8r-gmh3-q7x2

CVSS3: 4.3

github

больше 1 года назад

There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows. Normally in QuickShare Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quickshare or above

BDU:2025-05014

CVSS3: 7.1

fstec

почти 2 года назад

Уязвимость функции для передачи данных Nearby Share утилиты обмена данными между устройствами Google Quick Share, позволяющая нарушителю загружать произвольные файлы на устройство пользователя