Access Control Weakness in ownCloud Android App by ownCloud
CVE-2022-25338

6.8MEDIUM

Key Information:

Vendor: Owncloud
Status: Owncloud
Vendor: CVE Published:; 7 April 2022

What is CVE-2022-25338?

The ownCloud Android application prior to version 2.20 is susceptible to improper access control, which can be exploited by physically proximate attackers. This vulnerability could allow unauthorized users to access sensitive data or perform actions without proper authorization, highlighting the need for improved security measures to protect application integrity and user information.

References

https://owncloud.com/security-advisories/cve-2022-25338/

x_refsource_MISC

CVSS V3.1

Score:

6.8

Severity:

MEDIUM

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Physical

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 7, 2022
Vulnerability Reserved
Feb 18, 2022

Owncloud

What is CVE-2022-25338?

References

CVSS V3.1

Timeline