CVE-2019-5451

MEDIUM

Nextcloud Android App < 3.6.1 - Unauthenticated Lock Protection Bypass

Title source: llm
STIX 2.1

Description

Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.

References (1)

Core 1
Core References
Third Party Advisory x_refsource_misc
https://hackerone.com/reports/507172

Scores

CVSS v3 4.6
EPSS 0.0007
EPSS Percentile 21.1%
Attack Vector PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE
CWE-306 CWE-288
Status published
Products (1)
nextcloud/nextcloud_server < 3.6.1
Published Jul 30, 2019
Tracked Since Feb 18, 2026