CVE-2022-29160
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.
Published
2022-05-20T16:15:09.350
Last Modified
2024-11-21T06:58:36.623
Status
Modified
Source
[email protected]
Severity
CVSSv3.1: 2.8 (LOW)
CVSSv2 Vector
AV:L/AC:L/Au:N/C:P/I:N/A:N
- Access Vector: LOCAL
- Access Complexity: LOW
- Authentication: NONE
- Confidentiality Impact: PARTIAL
- Integrity Impact: NONE
- Availability Impact: NONE
Exploitability Score
3.9
Impact Score
2.9
Weaknesses
-
Type: Secondary
CWE-284
-
Type: Primary
CWE-459
Affected Vendors & Products
| Type |
Vendor |
Product |
Version/Range |
Vulnerable? |
| Application |
nextcloud
|
nextcloud
|
< 3.19.0 |
Yes
|
References
-
https://github.com/nextcloud/android/pull/9644
Issue Tracking, Patch, Third Party Advisory
([email protected])
-
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2r
Issue Tracking, Third Party Advisory
([email protected])
-
https://hackerone.com/reports/1222873
Exploit, Issue Tracking, Third Party Advisory
([email protected])
-
https://github.com/nextcloud/android/pull/9644
Issue Tracking, Patch, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2r
Issue Tracking, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)
-
https://hackerone.com/reports/1222873
Exploit, Issue Tracking, Third Party Advisory
(af854a3a-2127-422b-91ae-364da2661108)