App pin of the Android app can be bypassed via thirdparty apps generating deep links
Low
nickvergessen
published
GHSA-c3rf-94h6-vj8vMar 30, 2023
Package
Android
(Nextcloud)
Affected versions
>= 3.7.0
Patched versions
3.24.1
Description
Impact
An attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files.
Patches
It is recommended that the Nextcloud Android app is upgraded to 3.24.1
Impact
An attacker that has access to the unlocked physical device can bypass the Nextcloud Android Pin protection via a thirdparty app. This allows to see meta information like sharer, sharees and activity of files.
Patches
It is recommended that the Nextcloud Android app is upgraded to 3.24.1
Workarounds
References
For more information
If you have any questions or comments about this advisory: