Welcome to mirror list, hosted at ThFree Co, Russian Federation.

github.com/nextcloud/security-advisories.git - Unnamed repository; edit this file 'description' to name the repository.
summaryrefslogtreecommitdiff
path: root/old/android/nc-sa-2018-015.json
diff options
context:
space:
mode:
Diffstat (limited to 'old/android/nc-sa-2018-015.json')
-rw-r--r--old/android/nc-sa-2018-015.json30
1 files changed, 30 insertions, 0 deletions
diff --git a/old/android/nc-sa-2018-015.json b/old/android/nc-sa-2018-015.json
new file mode 100644
index 0000000..4698ae3
--- /dev/null
+++ b/old/android/nc-sa-2018-015.json
@@ -0,0 +1,30 @@
+{
+ "Title": "Improper check for access to application database",
+ "Timestamp": 1564128000,
+ "Risk": 1,
+ "CVSS3": {
+ "score": 1.8,
+ "vector": "AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N"
+ },
+ "CWE": {
+ "id": 284,
+ "name": "Improper Access Control"
+ },
+ "HackerOne": 331302,
+ "Affected":[
+ {
+ "Version":"3.2.0",
+ "CVE":"CVE-2018-3765",
+ "Operator":"<"
+ }
+ ],
+ "Description":"A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.",
+ "ActionTaken": "The error has been fixed.",
+ "Acknowledgment":[
+ {
+ "Name": "NA",
+ "Reason": "Vulnerability discovery and disclosure."
+ }
+ ],
+ "Resolution": "It is recommended that users upgrade to version 3.2.0."
+}
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-21 02:50:49 +0300