CVE-2023-28647
First published: Thu Mar 30 2023(Updated: )
Nextcloud iOS is an ios application used to interface with the nextcloud home cloud ecosystem. In versions prior to 4.7.0 when an attacker has physical access to an unlocked device, they may enable the integration into the iOS Files app and bypass the Nextcloud pin/password protection and gain access to a users files. It is recommended that the Nextcloud iOS app is upgraded to 4.7.0. There are no known workarounds for this vulnerability.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud | <4.7.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2023-28647?
CVE-2023-28647 is a vulnerability in Nextcloud iOS versions prior to 4.7.0 that allows an attacker with physical access to bypass the pin/password protection and gain unauthorized access.
How can an attacker exploit CVE-2023-28647?
An attacker can exploit CVE-2023-28647 by enabling integration into the iOS Files app on an unlocked device, bypassing the Nextcloud pin/password protection.
What is the severity of CVE-2023-28647?
CVE-2023-28647 has a severity rating of medium with a CVSS score of 6.8.
Is there a fix available for CVE-2023-28647?
Yes, the fix for CVE-2023-28647 is included in Nextcloud iOS version 4.7.0 and above.
Where can I find more information about CVE-2023-28647?
You can find more information about CVE-2023-28647 in the following references: [1] [2]
- collector/nvd-index
- agent/severity
- agent/author
- agent/type
- agent/event
- agent/references
- agent/weakness
- agent/tags
- agent/description
- agent/softwarecombine
- agent/first-publish-date
- agent/last-modified-date
- agent/remedy
- vendor/nextcloud
- canonical/nextcloud nextcloud