CVE-2022-29160Improper Access Control in Security-advisories

CWE-284Improper Access ControlCWE-459Incomplete Cleanup2 documents2 sources
Severity
3.3LOWNVD
CNA2.8
EPSS
0.1%
top 78.55%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud
Timeline
PublishedMay 20

Description

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud< 3.19.0
CVEListV5nextcloud/security-advisories< 3.19.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Sensitive files/data exist after deletion of user account in Nextcloud Android2022-05-20
CVE-2022-29160 — Improper Access Control | cvebase