Skip to content

Permission bypass in DiskLruImageCacheFileProvider (GHSL-2021-1008)

Low
nickvergessen published GHSA-wrwg-jwpg-r3c4 Jan 26, 2022

Package

Android (Nextcloud)

Affected versions

< 3.17.1

Patched versions

3.17.1

Description

Impact

This issue may lead to sensitive information disclosure, in the case a thumbnail contains sensitive data (although the chances are low), even if the attacker app does not have the otherwise required MANAGE_DOCUMENTS permission.

Patches

It is recommended that the Nextcloud Android App is upgraded to 3.17.1.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-41166

Weaknesses

No CWEs

Credits