App PIN code can be bypassed in Nextcloud Files iOS
CVE-2023-49790

4.3MEDIUM

Key Information:

Vendor

nextcloud
Status
security-advisories
Vendor
CVE Published:
22 December 2023

What is CVE-2023-49790?

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.

Affected Version(s)

security-advisories < 4.9.2

References

https://github.com/nextcloud/security-advisories/security...
x_refsource_CONFIRM
https://github.com/nextcloud/ios/pull/2665
x_refsource_MISC
https://hackerone.com/reports/2245437
x_refsource_MISC

CVSS V3.1

Score:
4.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Physical
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.