CVE-2021-32695

Exploit

EPSS 0.58%
Veröffentlicht 17.06.2021 21:15:07
Zuletzt bearbeitet 21.11.2024 06:07:32
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Malicious Android app could access Shared Preferences of the Nextcloud Android client

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.

Mögliche Gegenmaßnahme

Nextcloud Android Client: None.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud SwPlatformandroid Version < 3.16.1

Weitere Schwachstelleninformationen

SystemNextcloud App

≫

Produkt Nextcloud Android Client

Version < 3.16.1

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.58%	0.684

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
nvd@nist.gov	4.3	8.6	2.9	AV:N/AC:M/Au:N/C:P/I:N/A:N
security-advisories@github.com	3.9	0.5	3.4	CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:U/C:L/I:L/A:L