diff options
Diffstat (limited to 'old/android/nc-sa-2018-015.json')
-rw-r--r-- | old/android/nc-sa-2018-015.json | 30 |
1 files changed, 30 insertions, 0 deletions
diff --git a/old/android/nc-sa-2018-015.json b/old/android/nc-sa-2018-015.json new file mode 100644 index 0000000..4698ae3 --- /dev/null +++ b/old/android/nc-sa-2018-015.json @@ -0,0 +1,30 @@ +{ + "Title": "Improper check for access to application database", + "Timestamp": 1564128000, + "Risk": 1, + "CVSS3": { + "score": 1.8, + "vector": "AV:L/AC:H/PR:H/UI:R/S:U/C:L/I:N/A:N" + }, + "CWE": { + "id": 284, + "name": "Improper Access Control" + }, + "HackerOne": 331302, + "Affected":[ + { + "Version":"3.2.0", + "CVE":"CVE-2018-3765", + "Operator":"<" + } + ], + "Description":"A too permissive check allowed an installed application that contained the Nextcloud client package name to obtain access to the database of the Nextcloud application. At time of disclosure there are no applications with in the Google Play Store that fullfill this requirement.", + "ActionTaken": "The error has been fixed.", + "Acknowledgment":[ + { + "Name": "NA", + "Reason": "Vulnerability discovery and disclosure." + } + ], + "Resolution": "It is recommended that users upgrade to version 3.2.0." +} |