App pin of the iOS app can be bypassed

Moderate
nickvergessen published GHSA-wjgg-2v4p-2gq6 Mar 30, 2023

Package

iOS (Nextcloud)

Affected versions

< 4.7.0

Patched versions

4.7.0

Description

Impact

An attacker with physical access to an unlocked device could enable the Nextcloud integration in the iOS Files app and thereby bypass the Nextcloud app PIN protection.

Patches

It is recommended that the Nextcloud iOS app be upgraded to 4.7.0.

Workarounds

  • No workaround available

Severity

Moderate, 4.4 / 10

CVSS base metrics

  • Attack vector: Physical
  • Attack complexity: High
  • Privileges required: Low
  • User interaction: Required
  • Scope: Changed
  • Confidentiality: Low
  • Integrity: Low
  • Availability: Low

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:L

CVE ID

CVE-2023-28647