CVE-2022-24885Improper Authentication in Security-advisories

CWE-287Improper Authentication2 documents2 sources
Severity
2.4LOWNVD
CNA2.0
EPSS
0.1%
top 73.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud
Timeline
PublishedApr 27

Description

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.

CVSS vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 0.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud< 3.19.1
CVEListV5nextcloud/security-advisories< 3.19.1

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Improper Authentication in Nextcloud Android Files2022-04-27
CVE-2022-24885 — Improper Authentication | cvebase