SB2023010313 - Multiple vulnerabilities in ownCloud Android App

CSH
CYBERSECURITY HELP
Sign In REGISTER

Main Vulnerability Database SB2023010313

SB2023010313 - Multiple vulnerabilities in ownCloud Android App

Published: January 3, 2023

Security Bulletin ID SB2023010313
Severity
Low
Patch available
YES
Number of vulnerabilities 2
Exploitation vector Local access
Highest impact Data manipulation

Breakdown by Severity

Low 100%
  • Low
  • Medium
  • High
  • Critical

Description

This security bulletin contains information about 2 secuirty vulnerabilities.


1) Incorrect default permissions (CVE-ID: CVE-2022-25339)

The vulnerability allows a local application to gain access to sensitive application files.

The vulnerability exists due to incorrect default permissions for files and folders that are set by the application. A local application can access internal files of the application.


2) Security features bypass (CVE-ID: CVE-2022-25338)

The vulnerability allows an attacker to bypass implemented security features.

The vulnerability exists due to unspecified error in the app lock functionality. An attacker with physical access to device can bypass the app lock and gain unauthorized access to the application.


Remediation

Install update from vendor's website.

References