Vulnerability Description
The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This issue can lead to information disclosure. Two databases, `filelist` and `owncloud_database`, are affected. In version 3.0, the `filelist` database was deprecated. However, injections affecting `owncloud_database` remain relevant as of version 3.0.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Owncloud | Owncloud Client | <= 3.0 |
Related Weaknesses (CWE)
References
- https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_AExploitThird Party Advisory
- https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_AExploitThird Party Advisory
FAQ
What is CVE-2023-23948?
CVE-2023-23948 is a vulnerability with a CVSS score of 6.2 (MEDIUM). The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in `FileContentProvider.kt`. This...
How severe is CVE-2023-23948?
CVE-2023-23948 has been rated MEDIUM with a CVSS base score of 6.2/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2023-23948?
Check the references section above for vendor advisories and patch information. Affected products include: Owncloud Owncloud Client.