Home > Vulnerability Database > CVE-2022-39210

Mend.io Vulnerability Database

CVE-2022-39210

Date: September 16, 2022

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

Language: Java

Severity Score

3.2

Related Resources (4)

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-vw2w-gpcv-v39f

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39210

Url: https://github.com/nextcloud/android/pull/10544

Url: https://www.mend.io/vulnerability-database/CVE-2022-39210

Severity Score

3.2

Weakness Type (CWE)

Exposure of Sensitive Information to an Unauthorized Actor

CWE-200

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-22

CVSS v3.1

Base Score:	3.2
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	REQUIRED
Scope (S):	CHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39210

Date: September 16, 2022

Language: Java

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?