Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client
Vulnerability Description
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
CVSS Information
CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Nextcloud Android app 信息泄露漏洞
Vulnerability Description
Nextcloud Android app是德国Nextcloud公司的一款基于Android平台,用于访问Nextcloud服务器的移动应用程序。 Nextcloud Android app 3.19.0之前版本存在信息泄露漏洞,该漏洞源于权限限制不足。攻击者可以利用该漏洞访问联系人。
CVSS Information
N/A
Vulnerability Type
N/A