Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Intent URI permissions manipulation in nextcloud news-android
Vulnerability Description
nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.
CVSS Information
CVSS:3.1/AV:L/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N
Vulnerability Type
从非可信控制范围包含功能例程
Vulnerability Title
Nextcloud Android app 安全漏洞
Vulnerability Description
Nextcloud Android app是德国Nextcloud公司的一款基于Android平台,用于访问Nextcloud服务器的移动应用程序。 nextcloud news- Android存在安全漏洞,攻击者可以安装一个恶意应用程序在同一设备上,进而通过发送它的任意意图从而得到敏感信息。
CVSS Information
N/A
Vulnerability Type
N/A