ByteOS Network

CVE Vulnerability Details :

CVE-2023-49790

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-22 Dec, 2023 | 16:19

Updated At-02 Aug, 2024 | 22:01

▼CVE Numbering Authority (CNA)

App PIN code can be bypassed in Nextcloud Files iOS

The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.

Affected Products

Vendor

Nextcloud GmbH

Product

security-advisories

Versions

Affected

< 4.9.2

Problem Types

Type	CWE ID	Description
CWE	CWE-287	CWE-287: Improper Authentication

Metrics

Version	Base score	Base severity	Vector
3.1	4.3	MEDIUM	CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References

Hyperlink	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv	x_refsource_CONFIRM
https://github.com/nextcloud/ios/pull/2665	x_refsource_MISC
https://hackerone.com/reports/2245437	x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv	x_refsource_CONFIRM x_transferred
https://github.com/nextcloud/ios/pull/2665	x_refsource_MISC x_transferred
https://hackerone.com/reports/2245437	x_refsource_MISC x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References