Upstream information
Description
Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability.SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| National Vulnerability Database | |
|---|---|
| Base Score | 4.4 |
| Vector | CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L |
| Attack Vector | Physical |
| Attack Complexity | High |
| Privileges Required | Low |
| User Interaction | Required |
| Scope | Changed |
| Confidentiality Impact | Low |
| Integrity Impact | Low |
| Availability Impact | Low |
| CVSSv3 Version | 3.1 |
SUSE Timeline for this CVE
CVE page created: Thu Mar 30 22:00:45 2023CVE page last modified: Mon Apr 3 12:00:18 2023