CVE-2022-24886

CVSS v3.1

2.2

Low

Vector

AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Android app versions prior to 3.19.0

Description The issue allows any application with notification permission to access contacts if Nextcloud has access to Contacts, without the application needing to apply for the Contacts permission itself. There are currently no known workarounds for this issue.

Recommendations For versions prior to 3.19.0, update to version 3.19.0 to resolve the issue.

Exploit

Fix

Information Disclosure

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-200CWE-732

Related Identifiers

CVE-2022-24886

GHSA-5CJ3-V98R-2WMQ

Affected Products

Nextcloud Android App

CVE-2022-24886

Weakness Enumeration

Related Identifiers

Affected Products

References · 7