CVE-2024-38272

There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows.Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode.We recommend upgrading to version 1.0.1724.0 of Quick Share or above
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
4.3 MEDIUM
ADJACENT_NETWORK
LOW
NONE
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
GoogleCNA
---
---
CISA-ADPADP
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 3%
VendorProductVersion
googlenearby
𝑥
< 1.0.1724.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/google/nearby/pull/2402
https://github.com/google/nearby/pull/2589
https://github.com/google/nearby/pull/2402
https://github.com/google/nearby/pull/2589