CVE-2023-23948

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2023-23948

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-23948.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2023-23948

Published

2023-02-13T17:15:11Z

Modified

2025-03-28T02:03:35.673979Z

Severity

5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The ownCloud Android app allows ownCloud users to access, share, and edit files and folders. Version 2.21.1 of the ownCloud Android app is vulnerable to SQL injection in FileContentProvider.kt. This issue can lead to information disclosure. Two databases, filelist and owncloud_database, are affected. In version 3.0, the filelist database was deprecated. However, injections affecting owncloud_database remain relevant as of version 3.0.

References

https://securitylab.github.com/advisories/GHSL-2022-059_GHSL-2022-060_Owncloud_Android_app/

Affected packages

Git / github.com/owncloud/android

Affected ranges

Type: GIT
Repo: https://github.com/owncloud/android
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

494b2f7f524ba8c57e7623907d3be8b896a12213

Affected versions

1.*

1.4.6-easy-setup

oc-JB-workaround-1.*

oc-JB-workaround-1.0.3

Other

oc-android-1-3-12

oc-android-1-3-13

oc-android-1-3-14

oc-android-1-3-17

oc-android-1-3-18

oc-android-1-3-19

oc-android-1-3-20

oc-android-1-3-21

oc-android-1-3-22

oc-android-1-4-0

oc-android-1.*

oc-android-1.4.1

oc-android-1.4.3

oc-android-1.4.4

oc-android-1.4.5

oc-android-1.4.6

oc-android-1.5.0

oc-android-1.5.1

oc-android-1.5.2

oc-android-1.5.3

oc-android-1.5.4

oc-android-1.5.5

oc-android-1.5.6

oc-android-1.5.7

oc-android-1.5.8

oc-android-1.6.0

oc-android-1.6.1

oc-android-1.6.2

oc-android-1.6.3-SAML-not-to-release

oc-android-1.6.3-not-to-release

oc-android-1.7.0

oc-android-1.7.0_signed

oc-android-1.7.1_oem

oc-android-1.7.1_signed

oc-android-1.7.2

oc-android-1.8

oc-android-1.9

oc-android-1.9.1

oc-android-2.*

oc-android-2.0.0

oc-android-2.0.1

oc-android-2.1.0

oc-android-2.1.1

oc-android-2.1.2

oc-android-2.10.0

oc-android-2.10.0-beta.1

oc-android-2.11.0

oc-android-2.11.0-beta.1

oc-android-2.11.1

oc-android-2.11.1_oem

oc-android-2.12

oc-android-2.12-beta.1

oc-android-2.13

oc-android-2.13.1

oc-android-2.13.1_oem

oc-android-2.14

oc-android-2.15

oc-android-2.15-beta.2

oc-android-2.15.1

oc-android-2.15.2

oc-android-2.15.2_oem

oc-android-2.15.3

oc-android-2.15.3_oem

oc-android-2.16

oc-android-2.17

oc-android-2.17-beta.1

oc-android-2.17_oem

oc-android-2.18

oc-android-2.18.1

oc-android-2.18.1_oem

oc-android-2.18_oem

oc-android-2.19

oc-android-2.19_oem

oc-android-2.2.0

oc-android-2.20_oem

oc-android-2.21

oc-android-2.21.1

oc-android-2.21.1_oem

oc-android-2.21.2

oc-android-2.21.2_oem

oc-android-2.3.0

oc-android-2.4.0

oc-android-2.5.0

oc-android-2.5.0-beta.1

oc-android-2.5.0-beta.2

oc-android-2.6.0

oc-android-2.7.0

oc-android-2.7.0-beta.1

oc-android-2.8.0

oc-android-2.8.0-beta.1

oc-android-2.9.0

oc-android-2.9.1

oc-android-2.9.2

oc-android-2.9.3

oc-android-2.9.3_oem

oc-android-3.*

oc-android-3.0