Vulnerability Description
Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud | < 3.21.0 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/android/pull/10544PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gThird Party Advisory
- https://github.com/nextcloud/android/pull/10544PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gThird Party Advisory
FAQ
What is CVE-2022-39210?
CVE-2022-39210 is a vulnerability with a CVSS score of 3.2 (LOW). Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal fi...
How severe is CVE-2022-39210?
CVE-2022-39210 has been rated LOW with a CVSS base score of 3.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-39210?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud.