CVE-2020-0654Improper Privilege Management in Microsoft ONE Drive FOR Android

CWE-269Improper Privilege Management5 documents4 sources
Severity
9.1CRITICALNVD
EPSS
11.9%
top 6.22%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Microsoft ONE Drive FOR AndroidMsrc Onedrive FOR Android
Timeline
PublishedJan 14
Latest updateMay 24

Description

A security feature bypass vulnerability exists in Microsoft OneDrive App for Android.This could allow an attacker to bypass the passcode or fingerprint requirements of the App.The security update addresses the vulnerability by correcting the way Microsoft OneDrive App for Android handles sharing links., aka 'Microsoft OneDrive for Android Security Feature Bypass Vulnerability'.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:NExploitability: 3.9 | Impact: 5.2

Affected Packages2 packages

CVEListV5microsoft/one_drive_for_androidunspecified

Patches

Patch: portal.msrc.microsoft.comPatch: portal.msrc.microsoft.com

🔴Vulnerability Details

1
GHSA
GHSA-wrvq-g9w5-f3jj: A security feature bypass vulnerability exists in Microsoft OneDrive App for Android2022-05-24

📋Vendor Advisories

1
Microsoft
Microsoft OneDrive for Android Security Feature Bypass Vulnerability2020-01-14

🕵️Threat Intelligence

2
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage2020-01-14
Talos
Microsoft Patch Tuesday — Jan. 2020: Vulnerability disclosures and Snort coverage2020-01-14