CVE-2019-5453
MEDIUM severity · CVSS 6.1 · CWE-288
6.1CVSS MEDIUM
Summary
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.
Impact & exploitability
Attack vectorPhysical
Attack complexityLow
Privileges requiredNone
User interactionNone
Confidentiality impactHigh
Integrity impactHigh
Availability impactNone
Exploit probability (EPSS)0%
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Affected products we track (1)
Recommendation
Apply the vendor fix in your normal patch cycle. Open any affected product above for its exact safe version.