CVE-2022-39349

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Tasks.org versions prior to 12.7.1 Tasks.org versions prior to 13.0.1

Description The Tasks.org Android app has a sensitive information disclosure issue. The app's ShareLinkActivity.kt activity handles "share" intents and may copy files from internal storage to external storage if the file paths in the intents are not validated. This allows malicious applications on the same device to access sensitive information, including notes, preferences, and encrypted CalDav integration credentials.

Recommendations For versions prior to 12.7.1, update to version 12.7.1 or later. For versions prior to 13.0.1, update to version 13.0.1 or later.

Exploit

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668CWE-441

Related Identifiers

CVE-2022-39349

GHSA-8X58-CG74-8JG8

Affected Products

Tasks.Org

CVE-2022-39349

Weakness Enumeration

Related Identifiers

Affected Products

References · 5