CVE-2019-5453
First published: Tue Jul 30 2019(Updated: )
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud | <=3.2.4 | |
| Nextcloud Nextcloud | =3.3.0-rc1 | |
| Nextcloud Nextcloud | =3.3.0-rc2 | |
| Nextcloud Nextcloud | =3.3.0-rc3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2019-5453?
CVE-2019-5453 is a vulnerability that allows bypassing lock protection in the Nextcloud Android app prior to version 3.3.0.
How can the Nextcloud Android app be affected by CVE-2019-5453?
The Nextcloud Android app versions up to 3.2.4, 3.3.0-rc1, 3.3.0-rc2, and 3.3.0-rc3 are affected by CVE-2019-5453.
What is the severity of CVE-2019-5453?
CVE-2019-5453 has a severity level of medium with a CVSS score of 6.1.
How can I access files bypassing lock protection in the Nextcloud Android app?
To access files bypassing lock protection in the Nextcloud Android app, you can switch to the Nextcloud file provider when prompted for lock protection.
How can I fix CVE-2019-5453 in the Nextcloud Android app?
To fix CVE-2019-5453 in the Nextcloud Android app, update to version 3.3.0 or higher.
- collector/nvd-index
- agent/weakness
- agent/severity
- agent/author
- agent/type
- agent/references
- agent/description
- agent/tags
- agent/event
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- vendor/nextcloud
- canonical/nextcloud nextcloud
- version/nextcloud nextcloud/3.2.4
- version/nextcloud nextcloud/3.3.0-rc1
- version/nextcloud nextcloud/3.3.0-rc2
- version/nextcloud nextcloud/3.3.0-rc3