CVE-2020-36248

LOW

Owncloud Client < 2.15 - Cleartext Storage

Title source: rule

Description

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.

References (1)

[Vendor Advisory] https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/

Scores

CVSS v3 3.9

EPSS 0.0003

EPSS Percentile 7.6%

Attack Vector PHYSICAL

CVSS:3.1/AV:P/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N

Classification

CWE

CWE-312

Status published

Affected Products (1)

owncloud/owncloud_client < 2.15

Timeline

Published Feb 19, 2021

Tracked Since Feb 18, 2026