Tasks.Org · CVE-2022-39349
**Name of the Vulnerable Software and Affected Versions**
Tasks.org versions prior to 12.7.1
Tasks.org versions prior to 13.0.1
**Description**
The Tasks.org Android app has a sensitive information disclosure issue. The app's `ShareLinkActivity.kt` activity handles "share" intents and, because the file paths in those intents are not validated, may copy files from internal storage to external storage. This allows malicious applications on the same device to access sensitive information, including notes, preferences, and encrypted CalDAV integration credentials.
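One way to perform the path validation the description refers to, shown as an added example and not the Tasks.org project's actual fix. It is plain JVM Kotlin; `isOutsidePrivateStorage` and `copySharedFile` are hypothetical names, and constructed temporary directories stand in for the app's internal and external storage.

```kotlin
import java.io.File
import java.nio.file.Files

// Hypothetical helper (not Tasks.org code): true only when `candidate`, after
// canonicalization (which resolves ".." segments and symlinks), lies outside
// the app-private directory.
fun isOutsidePrivateStorage(candidate: File, privateDir: File): Boolean {
    val root = privateDir.canonicalFile.toPath()
    val resolved = candidate.canonicalFile.toPath()
    // Path.startsWith compares whole path segments, so a sibling directory
    // such as ".../files2" does not match a root of ".../files".
    return !resolved.startsWith(root)
}

// Hypothetical stand-in for the copy step of a share handler: refuse the copy
// rather than export a file that resolves into private storage.
fun copySharedFile(source: File, privateDir: File, exportDir: File): File? {
    if (!source.isFile || !isOutsidePrivateStorage(source, privateDir)) return null
    val target = File(exportDir, source.name)
    source.copyTo(target, overwrite = true)
    return target
}

fun main() {
    // Constructed layout standing in for internal and external storage.
    val base = Files.createTempDirectory("share-demo").toFile()
    val privateDir = File(base, "data/app/files").apply { mkdirs() }
    val publicDir = File(base, "sdcard/Download").apply { mkdirs() }
    val exportDir = File(base, "sdcard/export").apply { mkdirs() }

    val prefs = File(privateDir, "prefs.xml").apply { writeText("constructed private data") }
    val photo = File(publicDir, "photo.jpg").apply { writeText("constructed attachment") }
    // The same private file expressed with ".." segments from a public directory.
    val indirect = File(publicDir, "../../data/app/files/prefs.xml")

    for (f in listOf(photo, prefs, indirect)) {
        val copied = copySharedFile(f, privateDir, exportDir)
        println("${f.path} -> ${copied?.path ?: "rejected"}")
    }
    base.deleteRecursively()
}
```

Only `photo.jpg` is copied; both paths that resolve to `prefs.xml` are rejected because the comparison is made on canonical paths rather than on the string supplied by the caller.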
**Recommendations**
For versions prior to 12.7.1, update to version 12.7.1 or later.
For versions prior to 13.0.1, update to version 13.0.1 or later.