CVE-2021-32695Sensitive Information Exposure in Security-advisories

CWE-200Sensitive Information Exposure2 documents2 sources
Severity
3.3LOWNVD
CNA3.9
EPSS
0.6%
top 31.13%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud
Timeline
PublishedJun 17

Description

Nextcloud Android app is the Android client for Nextcloud. In versions prior to 3.16.1, a malicious app on the same device could have gotten access to the shared preferences of the Nextcloud Android application. This required user-interaction as a victim had to initiate the sharing flow and choose the malicious app. The shared preferences contain some limited private data such as push tokens and the account name. The vulnerability is patched in version 3.16.1.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud< 3.16.1
CVEListV5nextcloud/security-advisories< 3.16.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Malicious Android app could access Shared Preferences of the Nextcloud Android client2021-06-17
CVE-2021-32695 — Sensitive Information Exposure | cvebase