CVE-2024-38272 — MEDIUM (4.3)

Q: How severe is CVE-2024-38272?

CVE-2024-38272 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-38272?

Check the references section above for vendor advisories and patch information. Affected products include: Google Nearby.

Vulnerability Description

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above

CVSS Score

4.3

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

LOW

Availability

NONE

Affected Products

Vendor	Product	Versions
Google	Nearby	< 1.0.1724.0

Related Weaknesses (CWE)

CWE-294

References

https://github.com/google/nearby/pull/2402Issue TrackingPatch
https://github.com/google/nearby/pull/2589Issue TrackingPatch
https://github.com/google/nearby/pull/2402Issue TrackingPatch
https://github.com/google/nearby/pull/2589Issue TrackingPatch

FAQ

What is CVE-2024-38272?

CVE-2024-38272 is a vulnerability with a CVSS score of 4.3 (MEDIUM). There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the use...

How severe is CVE-2024-38272?

CVE-2024-38272 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-38272?

Check the references section above for vendor advisories and patch information. Affected products include: Google Nearby.