25 results (0.013 seconds)

CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available. La aplicación Nextcloud iOS Files permite a los usuarios de iOS interactuar con Nextcloud, una plataforma de productividad autohospedada. • https://github.com/nextcloud/ios/pull/2665 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv https://hackerone.com/reports/2245437 • CWE-287: Improper Authentication •

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0

Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability. • https://github.com/nextcloud/ios/pull/2344 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-wjgg-2v4p-2gq6 • CWE-281: Improper Preservation of Permissions CWE-287: Improper Authentication •

CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. • https://github.com/nextcloud/android/pull/10544 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •

CVSS: 3.3EPSS: 0%CPEs: 1EXPL: 1

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available. • https://github.com/nextcloud/android/pull/9644 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2r https://hackerone.com/reports/1222873 • CWE-284: Improper Access Control CWE-459: Incomplete Cleanup •

CVSS: 3.8EPSS: 0%CPEs: 1EXPL: 0

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds. La aplicación Android de Nextcloud es el cliente Android para Nextcloud, una plataforma de productividad autoalojada. • https://github.com/nextcloud/android/pull/9726 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmq https://hackerone.com/reports/1161401 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor CWE-732: Incorrect Permission Assignment for Critical Resource •