CVE-2021-32658 :: Enginsight Vulnerability Database

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	NIST	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
GitHub_M	CNA	4.7 MEDIUM	LOCAL	HIGH	LOW	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
CVE	ADP	---				---

Awaiting analysis

This vulnerability is currently awaiting analysis.

Base Score

CVSS 3.x

EPSS Score

Percentile: 35%

Known Exploits!

Common Weakness Enumeration

CWE-200 - Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-212 - Improper Removal of Sensitive Information Before Storage or Transfer
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.

References

https://github.com/nextcloud/android/commit/355f3c745b464b741b20a3b96597303490c26333

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g5gf-rmhm-wpxw

https://hackerone.com/reports/1189168

https://github.com/nextcloud/android/commit/355f3c745b464b741b20a3b96597303490c26333

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g5gf-rmhm-wpxw

https://hackerone.com/reports/1189168