CVE-2021-41256
Summary
| Field | Value |
|---|---|
| CVE | CVE-2021-41256 |
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-11-30 21:15:00 UTC |
| Updated | 2021-12-02 18:33:00 UTC |
| Description | nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible. |
Risk And Classification
Problem Types: CWE-829
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| Intent URI permissions manipulation · Advisory · nextcloud/news-android · GitHub | CONFIRM | github.com | |
| news-android/GHSL-2021-1033_Nextcloud_News_for_Android.md at master · nextcloud/news-android · GitHub | MISC | github.com | |
| fix GHSL-2021-1033 · nextcloud/news-android@05449cb · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 630788 Nextcloud News For Android Arbitrary Code Execution Vulnerability