Home > Vulnerability Database > CVE-2023-28646

Mend.io Vulnerability Database

CVE-2023-28646

Good to know:

Date: March 30, 2023

Nextcloud android is an android app for interfacing with the nextcloud home server ecosystem. In versions from 3.7.0 and before 3.24.1 an attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin/passcode protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files. It is recommended that the Nextcloud Android app is upgraded to 3.24.1. There are no known workarounds for this vulnerability.

Language: Java

Severity Score

4.4

Related Resources (4)

Url: https://github.com/nextcloud/android/pull/11242

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28646

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-c3rf-94h6-vj8v

Url: https://www.mend.io/vulnerability-database/CVE-2023-28646

Severity Score

4.4

Weakness Type (CWE)

Authentication Issues

CWE-287

Insufficient Information

NVD-CWE-noinfo

Improper Preservation of Permissions

CWE-281

Top Fix

Upgrade Version

Upgrade to version stable-3.24.0

Learn More

CVSS v3.1

Base Score:	4.4
Attack Vector (AV):	PHYSICAL
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28646

Good to know:

Date: March 30, 2023

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?