CVE-2021-32695 Information
Jun 07, 2022
cve
Description
Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1 a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.
CVSS Vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
Reference
https://hackerone.com/reports/1142918 https://github.com/nextcloud/android/pull/8433 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-25m9-cf6c-qf2c
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
REQUIRED
Confidentiality Impact
UNCHANGED
Integrity Impact
LOW
Availability Impact
NONE
Base Score
NONE
Base Severity
3.3
Share on: