CVE-2019-5453
MEDIUMNextcloud Android App < 3.3.0 - Authentication Bypass via File Provider Switch
Title source: llmDescription
Bypass lock protection in the Nextcloud Android app prior to version 3.3.0 allowed access to files when being prompted for the lock protection and switching to the Nextcloud file provider.
References (1)
Core 1
Core References
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/331489
Scores
CVSS v3
6.1
EPSS
0.0005
EPSS Percentile
16.2%
Attack Vector
PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Details
CWE
CWE-287
CWE-288
Status
published
Products (2)
nextcloud/nextcloud
3.3.0 rc1 (3 CPE variants)
nextcloud/nextcloud
< 3.2.4
Published
Jul 30, 2019
Tracked Since
Feb 18, 2026