PT-2022-24811 · Nextcloud · Nextcloud Android App

Luchua-Bc

Published

2022-09-16

Updated

2022-09-21

CVE-2022-39210

CVSS v3.1

3.2

Low

Vector

AV:L/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud Android versions prior to 3.21.0

Description The Nextcloud Android app has a issue where internal paths to its files are not properly protected, allowing access to internal files from within the app. This could lead to a leak of sensitive information in some cases.

Recommendations For versions prior to 3.21.0, upgrade to version 3.21.0 to resolve the issue. At the moment, there is no information about other workarounds for this issue.

Exploit

Fix

Path traversal

Information Disclosure

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-22CWE-200

Related Identifiers

CVE-2022-39210

GHSA-VW2W-GPCV-V39F

Affected Products

Nextcloud Android App

PT-2022-24811 · Nextcloud · Nextcloud Android App

CVE-2022-39210

Weakness Enumeration

Related Identifiers

Affected Products

References · 6