CVE-2022-39210Path Traversal in Security-advisories

CWE-22Path TraversalCWE-200Sensitive Information Exposure2 documents2 sources
Severity
5.5MEDIUMNVD
CNA3.2
EPSS
0.1%
top 72.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud
Timeline
Latest updateSep 16
PublishedSep 17

Description

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDnextcloud/nextcloud< 3.21.0
CVEListV5nextcloud/security-advisories< 3.21.0

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Access to internal files of the Nextcloud Android app2022-09-16
CVE-2022-39210 — Path Traversal in Security-advisories | cvebase