CVE-2022-24885

Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.
Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*

History

21 Nov 2024, 06:51

Type Values Removed Values Added
CVSS v2 : 2.1
v3 : 2.4
v2 : 2.1
v3 : 2.0
References () https://github.com/nextcloud/android/pull/9816 - Patch, Third Party Advisory () https://github.com/nextcloud/android/pull/9816 - Patch, Third Party Advisory
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-32j4-9xf3-h2mg - Third Party Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-32j4-9xf3-h2mg - Third Party Advisory
References () https://hackerone.com/reports/1450368 - Exploit, Third Party Advisory () https://hackerone.com/reports/1450368 - Exploit, Third Party Advisory

06 May 2022, 20:52

Type Values Removed Values Added
CPE cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*
CWE CWE-287
CVSS v2 : unknown
v3 : unknown
v2 : 2.1
v3 : 2.4
References (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-32j4-9xf3-h2mg - (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-32j4-9xf3-h2mg - Third Party Advisory
References (MISC) https://hackerone.com/reports/1450368 - (MISC) https://hackerone.com/reports/1450368 - Exploit, Third Party Advisory
References (MISC) https://github.com/nextcloud/android/pull/9816 - (MISC) https://github.com/nextcloud/android/pull/9816 - Patch, Third Party Advisory

27 Apr 2022, 14:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-04-27 14:15

Updated : 2024-11-21 06:51


NVD link : CVE-2022-24885

Mitre link : CVE-2022-24885

CVE.ORG link : CVE-2022-24885


JSON object : View

Products Affected

nextcloud

  • nextcloud
CWE
CWE-287

Improper Authentication