CVE-2024-50657

Published: Nov 22, 2024Modified: Nov 27, 2024

6.8

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 0.9 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

An issue in Owncloud android apk v.4.3.1 allows a physically proximate attacker to escalate privileges via the PassCodeViewModel class, specifically in the checkPassCodeIsValid method

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (2)

https://drive.google.com/drive/folders/1C-ZYjYhmKRGvWs9YN51XOiAS2WxxwdQd?usp=sharing

Source: cve@mitre.org

https://github.com/SAHALLL/CVE-2024-50657

Source: cve@mitre.org

Timeline

No history available yet.