CVE-2019-5453

Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.
References
Link Resource
https://hackerone.com/reports/331489 Exploit Third Party Advisory
https://hackerone.com/reports/331489 Exploit Third Party Advisory
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*
cpe:2.3:a:nextcloud:nextcloud:3.3.0:rc1:*:*:*:android:*:*
cpe:2.3:a:nextcloud:nextcloud:3.3.0:rc2:*:*:*:android:*:*
cpe:2.3:a:nextcloud:nextcloud:3.3.0:rc3:*:*:*:android:*:*

History

21 Nov 2024, 04:44

Type Values Removed Values Added
References () https://hackerone.com/reports/331489 - Exploit, Third Party Advisory () https://hackerone.com/reports/331489 - Exploit, Third Party Advisory

Information

Published : 2019-07-30 21:15

Updated : 2024-11-21 04:44


NVD link : CVE-2019-5453

Mitre link : CVE-2019-5453

CVE.ORG link : CVE-2019-5453


JSON object : View

Products Affected

nextcloud

  • nextcloud
CWE
CWE-288

Authentication Bypass Using an Alternate Path or Channel

CWE-287

Improper Authentication