CVE-2019-5452

Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.

CVSS v3 2.4 LOW
CVSS v2.0 2.1 LOW

2.4^/10

CVSS v3 : LOW

Vector :

Exploitability : 0.9 / Impact : 1.4

Attack Vector PHYSICAL

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://hackerone.com/reports/534541	Exploit Third Party Advisory
https://hackerone.com/reports/534541	Exploit Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

History

No history.

Information

Published : 2019-07-30 21:15

Updated : 2024-11-21 04:44

NVD link : CVE-2019-5452

Mitre link : CVE-2019-5452

CVE.ORG link : CVE-2019-5452

JSON object : View

Products Affected

nextcloud

nextcloud

CWE

CWE-284

Improper Access Control

NVD-CWE-Other

{"id": "CVE-2019-5452", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 2.4, "attackVector": "PHYSICAL", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 0.9}]}, "published": "2019-07-30T21:15:11.773", "references": [{"url": "https://hackerone.com/reports/534541", "tags": ["Exploit", "Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/534541", "tags": ["Exploit", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-284"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved."}, {"lang": "es", "value": "Una omisi\u00f3n de la protecci\u00f3n de bloqueo en la aplicaci\u00f3n de Android Nextcloud anterior a versi\u00f3n 3.6.2, causa un filtraci\u00f3n de im\u00e1genes miniaturas (thumbnails) cuando se solicita el proveedor de contenido de Android, aunque la protecci\u00f3n de bloqueo no fue resuelta."}], "lastModified": "2024-11-21T04:44:57.677", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "D765F28D-804A-491B-BF89-432E2EECB11F", "versionEndExcluding": "3.6.2"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}