PT-2020-1317 · Microsoft · Onedrive App For Android

Pitawat Nantamanop

Published

2020-01-14

Updated

2021-07-21

CVE-2020-0654

CVSS v2.0

7.2

High

Vector

AV:L/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Microsoft OneDrive App for Android (affected versions not specified)

Description The issue is related to a security feature bypass in the Microsoft OneDrive App for Android, which can be exploited to bypass passcode or fingerprint requirements. This could potentially allow an attacker to elevate their privileges. The security update corrects how the app handles sharing links.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-254

Related Identifiers

BDU:2020-00218

CVE-2020-0654

Affected Products

Onedrive App For Android

PT-2020-1317 · Microsoft · Onedrive App For Android

CVE-2020-0654

Weakness Enumeration

Related Identifiers

Affected Products

References · 4