CVE-2022-24885
LOW
Nextcloud Android < 3.19.1 - Authentication Bypass via Repeated App Reopening
Title source: llm
Description
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.1, users can bypass a lock on the Nextcloud app on an Android device by repeatedly reopening the app. Version 3.19.1 contains a fix for the problem. There are currently no known workarounds.
References (3)
Core References
Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-32j4-9xf3-h2mg
Patch, Third Party Advisory x_refsource_misc
https://github.com/nextcloud/android/pull/9816
Exploit, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1450368
Scores
CVSS v3: 2.0
EPSS: 0.0009
EPSS Percentile: 26.0%
Attack Vector: PHYSICAL
CVSS:3.1/AV:P/AC:L/PR:H/UI:R/S:C/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation: poc
Automatable: no
Technical Impact: partial
Details
CWE: CWE-287
Status: published
Products (1)
nextcloud/nextcloud < 3.19.1
Published: Apr 27, 2022
Tracked Since: Feb 18, 2026