PT-2023-19315 · Owncloud · Owncloud Android App

Tony Torralba · Published 2023-02-13 · Updated 2023-02-26 · CVE-2023-23948

CVSS v3.1: 6.2 (Medium)

Vector: AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

ownCloud Android app version 2.21.1
ownCloud Android app versions 3.0 and earlier

Description

The ownCloud Android app is affected by a SQL injection issue in FileContentProvider.kt, which can lead to information disclosure. Two databases, filelist and owncloud database, are impacted. Although the filelist database was deprecated in version 3.0, injections affecting owncloud database remain relevant as of version 3.0.

Recommendations

For version 2.21.1, consider updating to a version where the SQL injection issue in FileContentProvider.kt is fixed. For versions 3.0 and earlier, restrict access to the owncloud database to minimize the risk of exploitation until a patch is available. As a temporary workaround, consider disabling the FileContentProvider.kt function until a patch is available.

Exploit

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2023-23948

Affected Products

Owncloud Android App