CVE-2022-39210

2022-09-1700:15:09

CWE-200

CWE-22

GitHub_M

web.nvd.nist.gov

nextcloud

android

nextcloud app

security

vulnerability

cve-2022-39210

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

5.2

Confidence

High

EPSS

Percentile

9.9%

JSON

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

Affected configurations

Nvd

Vulners

Node

nextcloudnextcloudRange<3.21.0android

VendorProductVersionCPE
nextcloudnextcloud*cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

Vendor	Product	Version	CPE
nextcloud	nextcloud	*	cpe:2.3:a:nextcloud:nextcloud::::::android::*

CNA Affected

[
  {
    "product": "security-advisories",
    "vendor": "nextcloud",
    "versions": [
      {
        "status": "affected",
        "version": "< 3.21.0"
      }
    ]
  }
]