- Risk: low
- CVSS v3 Base Score: 5
- CVSS v3 Vector: AV:L/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
- CWE ID: CWE-35
- CWE Name: Path Traversal: ‘…/…//’
- CVE: CVE-2023-24804
Description
Due to missing file path sanitation an attacker could read from and write to the Android app’s internal storage.
Affected
- ownCloud app for Android < 3.0
Action taken
Added a proper sanitation and validation of the file path.
Acknowledgment
This issue was discovered and reported by the CodeQL team member @atorralba (Tony Torralba).