Access to internal files through ownCloud Android App

Mar 17, 2022

  • Risk: low
  • CVSS v3 Base Score: 2.8
  • CVSS v3 Vector: AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
  • CWE ID: CWE-284
  • CWE Name: CWE-284: Improper Access Control
  • CVE: CVE-2022-25339

Description

An attacker wich local access to a device with the ownCloud Android app could access internal files of the app.

Affected

  • ownCloud Android app < 2.20

Action taken

Fix the access control