CVE-2019-5452
LOWNextcloud Android App < 3.6.2 - Improper Access Control via Thumbnail Content Provider
Title source: llmDescription
Bypass lock protection in the Nextcloud Android app prior to version 3.6.2 causes leaking of thumbnails when requesting the Android content provider although the lock protection was not solved.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/534541
Scores
CVSS v3
2.4
EPSS
0.0006
EPSS Percentile
17.1%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-284
Status
published
Products (1)
nextcloud/nextcloud
< 3.6.2
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026