Main Vulnerability Database Vulnerabilities #VU60447

Security features bypass in OneDrive for Android - CVE-2022-23255

Published: February 8, 2022

Vulnerability identifier: #VU60447

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2022-23255

CWE-ID: CWE-254

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Microsoft

Affected software:
OneDrive for Android

Detailed vulnerability description

The vulnerability allows a local user to compromsie the target system.

The vulnerability exists due to an error in Microsoft OneDrive for Android. An authenticated attacker with physical access can bypass the authentication to access OneDrive files.

How to mitigate CVE-2022-23255

Install updates from vendor's website.

Sources

https://portal.msrc.microsoft.com/en-US/security-guidance/advisory/CVE-2022-23255

Security features bypass in OneDrive for Android - CVE-2022-23255

Detailed vulnerability description

How to mitigate CVE-2022-23255

Sources

Please verify you're human