Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2022-39210: Access to internal files of the Nextcloud Android app from within the Nextcloud Android app

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

CVE
#android#perl

Package

Android (Nextcloud)

Affected versions

< 3.21.0

Description

Impact

Access to internal files of the Nextcloud Android app from within the Nextcloud Android app.

Patches

It is recommended that the Nextcloud Android app is upgraded to 3.21.0.

Workarounds

No workaround available

References

  • HackerOne
  • PullRequest

For more information

If you have any questions or comments about this advisory:

  • Create a post in nextcloud/security-advisories
  • Customers: Open a support ticket at support.nextcloud.com

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda