CVE-2024-38272

CWE-2943 documents3 sources
Severity
7.1HIGH
EPSS
0.0%
top 98.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Google Nearby
Timeline
PublishedJun 26

Description

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

CVSS vector

CVSS:4.0/AV:A/AC:H/AT:P/PR:L/UI:N/VC:H/VI:L/VA:L/SC:H/SI:L/SA:L

Affected Packages2 packages

CVEListV5google/nearby< 1.0.1724.0
NVDgoogle/nearby< 1.0.1724.0

Patches

Patch: github.comPatch: github.comPatch: github.com

🔴Vulnerability Details

2
CVEList
Auth Bypass in Quick Share2024-06-26
GHSA
GHSA-qf8r-gmh3-q7x2: There exists a vulnerability in Quickshare/Nearby where an attacker can bypass the accept file dialog on QuickShare Windows2024-06-26
CVE-2024-38272 (HIGH CVSS 7.1) | There exists a vulnerability in Qui | cvebase.io