Vulnerability Details CVE-2023-49790
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.002
EPSS Ranking 40.9%
CVSS Severity
CVSS v3 Score 4.3
References
- https://github.com/nextcloud/ios/pull/2665
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv
- https://hackerone.com/reports/2245437
- https://github.com/nextcloud/ios/pull/2665
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv
- https://hackerone.com/reports/2245437
Products affected by CVE-2023-49790
-
cpe:2.3:a:nextcloud:nextcloud:-
-
cpe:2.3:a:nextcloud:nextcloud:2.22.4
-
cpe:2.3:a:nextcloud:nextcloud:2.22.5
-
cpe:2.3:a:nextcloud:nextcloud:2.22.6
-
cpe:2.3:a:nextcloud:nextcloud:2.22.7
-
cpe:2.3:a:nextcloud:nextcloud:2.22.8
-
cpe:2.3:a:nextcloud:nextcloud:2.22.9
-
cpe:2.3:a:nextcloud:nextcloud:2.23.0
-
cpe:2.3:a:nextcloud:nextcloud:2.23.1
-
cpe:2.3:a:nextcloud:nextcloud:2.23.2
-
cpe:2.3:a:nextcloud:nextcloud:2.23.3
-
cpe:2.3:a:nextcloud:nextcloud:2.23.4
-
cpe:2.3:a:nextcloud:nextcloud:2.23.5
-
cpe:2.3:a:nextcloud:nextcloud:2.23.6
-
cpe:2.3:a:nextcloud:nextcloud:2.23.7
-
cpe:2.3:a:nextcloud:nextcloud:2.23.8
-
cpe:2.3:a:nextcloud:nextcloud:2.24.0
-
cpe:2.3:a:nextcloud:nextcloud:2.24.1
-
cpe:2.3:a:nextcloud:nextcloud:2.24.3
-
cpe:2.3:a:nextcloud:nextcloud:2.24.4
-
cpe:2.3:a:nextcloud:nextcloud:2.25.0
-
cpe:2.3:a:nextcloud:nextcloud:2.25.1
-
cpe:2.3:a:nextcloud:nextcloud:2.25.2
-
cpe:2.3:a:nextcloud:nextcloud:2.25.3
-
cpe:2.3:a:nextcloud:nextcloud:2.25.4
-
cpe:2.3:a:nextcloud:nextcloud:2.25.5
-
cpe:2.3:a:nextcloud:nextcloud:2.25.6
-
cpe:2.3:a:nextcloud:nextcloud:3.4.2
-
cpe:2.3:a:nextcloud:nextcloud:4.7.0