4.3

CVE-2023-49790

EPSS 0.25%
Veröffentlicht 22.12.2023 17:15:08
Zuletzt bearbeitet 21.11.2024 08:33:50
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

App PIN code can be bypassed in Nextcloud Files iOS

App PIN code can be bypassed in Files iOS

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.

Mögliche Gegenmaßnahme

Files iOS: * No workaround available

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 7

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud SwPlatformiphone_os Version < 4.9.2

Weitere Schwachstelleninformationen

SystemNextcloud App

≫

Produkt Files iOS

Version < 4.9.2

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.25%	0.481

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	4.3	0.9	3.4	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
security-advisories@github.com	4.3	0.9	3.4	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-287 Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

https://github.com/nextcloud/ios/pull/2665

Patch

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv

Vendor Advisory

https://hackerone.com/reports/2245437

Third Party Advisory

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2023-49790

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-49790

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-49790

EUVD