Input validation error in Nextcloud Server - CVE-2019-5451
Published: July 30, 2019 / Updated: July 17, 2020
Vulnerability identifier: #VU30978
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2019-5451
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Nextcloud
Affected software:
Nextcloud Server
Nextcloud Server
Detailed vulnerability description
The vulnerability allows a local non-authenticated attacker to gain access to sensitive information.
Bypass lock protection in the Nextcloud Android app prior to version 3.6.1 allows accessing the files when repeatedly opening and closing the app in a very short time.
How to mitigate CVE-2019-5451
Install update from vendor's website.