CVE-2023-49790
- Source
- https://cve.org/CVERecord?id=CVE-2023-49790
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49790.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2023-49790
- Aliases
-
- GHSA-j8g7-88vv-rggv
- Published
- 2023-12-22T16:19:28.440Z
- Modified
- 2026-04-12T06:44:54.314876Z
- Severity
-
- 4.3 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L CVSS Calculator
- Summary
- App PIN code can be bypassed in Nextcloud Files iOS
- Details
-
The Nextcloud iOS Files app allows users of iOS to interact with Nextcloud, a self-hosted productivity platform. Prior to version 4.9.2, the application can be used without providing the 4 digit PIN code. Nextcloud iOS Files app should be upgraded to 4.9.2 to receive the patch. No known workarounds are available.
- Database specific
{ "cna_assigner": "GitHub_M", "cwe_ids": [ "CWE-287" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49790.json" }- References
-
- https://hackerone.com/reports/2245437
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/49xxx/CVE-2023-49790.json
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j8g7-88vv-rggv
- https://nvd.nist.gov/vuln/detail/CVE-2023-49790
- https://github.com/nextcloud/ios/pull/2665
Affected packages
Git / github.com/nextcloud/ios
Affected ranges
- Type
- GIT
- Repo
- https://github.com/nextcloud/ios
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
2.*
2.17
2.17.2
2.17.7
2.17.8
2.18.1
2.19.3
2.20.1
2.21.0
2.22.1
2.22.5
2.22.6
2.23.7
3.*
3.0.10
3.0.11
3.0.12
3.0.14
3.0.15
3.1.0
3.2.0
3.3.0
3.4.0
3.4.1
3.4.2
3.4.3
3.4.4
3.4.5
4.*
4.0.0
4.0.1
4.0.2
4.0.3
4.0.4
4.0.5
4.0.6
4.1.0
4.2.0
4.2.1
4.2.2
4.3.0
4.3.1
4.4.0
4.4.1
4.4.2
4.4.3
4.4.4
4.5.0
4.5.1
4.5.2
4.5.3
4.5.4
4.5.5
4.5.6
4.5.7
4.6.0
4.7.0
4.8.0
4.8.1
4.8.3
4.8.4
4.8.5
4.8.6
4.9.0
4.9.1
v2.*
v2.23.8
v2.24.0
v2.24.1
v2.24.2
v2.24.3
v2.25.2
v2.25.3
v2.25.4
v2.25.5
v2.25.6
v2.25.7
v2.25.9
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8
Database specific
vanir_signatures_modified
"2026-04-12T06:44:54Z"
vanir_signatures
[
{
"id": "CVE-2023-49790-47cb16c7",
"target": {
"file": "Widget/Widget-Brinding-header.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"289205019596704620420982683311375731514"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/nextcloud/ios/commit/2a9b9d80eeef6d3d564b4e0dc07f744b0d88a718",
"signature_version": "v1"
},
{
"id": "CVE-2023-49790-89825601",
"target": {
"file": "iOSClient/Utility/CCUtility.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"112173329753056903180984462876509896245",
"110945458296116854393824999252860522629",
"271541081634847873814353017330378646873",
"139135920270742116834688243540465954183",
"275332674802083690680798926454885545066",
"254871343197979509222751983946897532855",
"123993924388937578691860271658873068748",
"193090720028766701138294781152324181082",
"169368724535884785976751269861988387151",
"150391637519334315455290703188312205045",
"3835931684407054496780342101117097439",
"257857448304893024233222584185989740434",
"6719209182373161526318208923297433781",
"295688564053313991451685274971777299308",
"10392441310323031979424611655810653106",
"97013246760161581707014735183533480320",
"177892911885412068550180954232718006990",
"288796905947921996608006327992635015165",
"107385557575227458309401318652957035857",
"223109994966252354900487459272629370793",
"229332709349458681798384420634559884778",
"190871710824011370664620858850079538727",
"307020673145089343098187497077483292285",
"222153032577036595940095882580308294292",
"211177048055351992004992426423129177335",
"193567567449671931410639686289372032529",
"221059062961361345213795155749548380909",
"240899881459712743497282160149586446078",
"60708865003726791410067071091406047660",
"176561128590165218861249330291541941249",
"309273627049024044471518607284531659682",
"66778117869771188816697448336147055539",
"45110134684909902469637707784742979849",
"282053558237452878570554500714111376349",
"279651741612988142292639085097949265405",
"315337689871195740645616320784673873389",
"206364264092191845615041487025166326763",
"304060055431396155638126202049184152688",
"338135370472643215393214840166800479717",
"216934716994392548905917918929654253098",
"294749349450924403523887650098891722501",
"313267271252019076070508800911884234042",
"186841192750970798057853722708429622719",
"160939576093470145346166689099747164565",
"147531562068505776641994534688873590272",
"223387450727944217538146454319964619161",
"84374336678802915232499844150402947996",
"4977121209656986808362321081737801856",
"335268299954639773934624787116915537212",
"269401798114076186218165639612221777402",
"49137040224432205460347085479436673330",
"9624925151350539646557036952847934746",
"334294142975749004446672899364091399391",
"284791082997067989747947600274692788695",
"184608961169106480920180571885130603335",
"116208396005085135955441011926175110453",
"258812771641472526593106845921894538801",
"106331110546375056376905043630178185288",
"26962097615939758671456206930506018237",
"185954393135041120214214337743429045367",
"76088755911406060877817196485839625001",
"80398832663506060746591238656078522231",
"30444566314949698397310798659378245328",
"51156269626858437043632614269508165448",
"82513869842454823826724033110054635684",
"230339673747130192804941682298645350374",
"335398010861179369105339956855484904606",
"184358173963615830904210054027134263445",
"244340498141684254371304911676229014558",
"215429335746749088140366557316682888242",
"332082677144451877177545216055919790168",
"153971042823961770492506172304880905130",
"42205191060221873777156317340316406760",
"325595991815258433097118267765653189833",
"184891180397736718818384170048636585898",
"247225710257424621174770117887241617355",
"246775764145507042459332924026029613768",
"49712783777420249155245905477758488109",
"200412759541561945089851470804102875984",
"137373984669688156836974719716534055724",
"154764024642251786708357555520139736192",
"48179705602889107456367163511643900911",
"218329293393749321507958650814264724206",
"322525640168795801230251398787628428562",
"285770362095052414946398369059218678988",
"308899233075760755114662642879812731989",
"80887532680453137897671228898151760740",
"300222100050572861253032823558287584193",
"65821807931344594689084703082962866064",
"147375765831316345153365385860016429308",
"80192757548922635954450373929023881788",
"42746633444067758905948454875401724146",
"44795090571892193393802459461165940136",
"55349343015293288797761073251587319563",
"1582023343770897169701621649756543177",
"163455051774082527274366970638887847921",
"101972105364678542607453991903731394911",
"133630718105775933830591631221168129153",
"114949687189233510327655215804597358063",
"26658458059961633171221848184514267284",
"11885809434945102211642505978809349143",
"317300270777635271892866159476984890916",
"148440166730187412207485123088814985117",
"39891664916248563779807755263421985099",
"202825971698176428800631922237222711602",
"150174709750781637976736622739940341114",
"138819738465312289052142101284388280112",
"22070653887949721449201282881931670780",
"331154191908988910579841732827663210599",
"159030911457440303064137752062934942344",
"144243943614401566379376329380020597356",
"209021947775716501970979765295876252874",
"182044510343390659418035178402752043319",
"54577941840364493433832235782269598375",
"271246429202886272231686925791259270505",
"44088587769752678068368844963114860750",
"208638291246239761738363648955552766722",
"59757612953658690914735130445624830028",
"280329190785354963687716181041678035394",
"44587688160540642989326784030732241451",
"252719105674164966192390830841575515873",
"181623168822566753830699794928535446463",
"332105826963056237155898730724171564413",
"192237245962243883688012966784748513499",
"22416665341350743796827477148416361172",
"282563367905750360043819575165212891841",
"232148066323862986543787004789475272286",
"82307989567367853541341873106384536873",
"139472773863057234924319373650463237788",
"71369809427406142781768053213488442595",
"237239840128610405841106923603739506150",
"302070286142136761967270729497558959564",
"113022338600253726578426234919944531437",
"323929254808124834825352120273696489944",
"223308951378702138192494680261601123465",
"292632465406464631009230331274719266778",
"58970680679042680744148225649153864149",
"22853308967407143397895100912830588144",
"340240646383100612922936822348450565745",
"333422325186838656218430016509024845408",
"247638744559748229414345937599387557753",
"117019547191512728827252780399361602481",
"134536364938054977327428016029278819549"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/nextcloud/ios/commit/2a9b9d80eeef6d3d564b4e0dc07f744b0d88a718",
"signature_version": "v1"
},
{
"id": "CVE-2023-49790-ae5ba6ee",
"target": {
"file": "iOSClient/PushNotification/NCPushNotificationEncryption.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"153506089562391721903482851223166524953"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/nextcloud/ios/commit/2a9b9d80eeef6d3d564b4e0dc07f744b0d88a718",
"signature_version": "v1"
},
{
"id": "CVE-2023-49790-c67dd526",
"target": {
"file": "Share/Share-Bridging-Header.h"
},
"deprecated": false,
"digest": {
"line_hashes": [
"111984409702932655804657089236724611583"
],
"threshold": 0.9
},
"signature_type": "Line",
"source": "https://github.com/nextcloud/ios/commit/2a9b9d80eeef6d3d564b4e0dc07f744b0d88a718",
"signature_version": "v1"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-49790.json"