VYPR
Unrated severityNVD Advisory· Published Nov 30, 2021· Updated Aug 4, 2024

Intent URI permissions manipulation in nextcloud news-android

CVE-2021-41256

Description

nextcloud news-android is an Android client for the Nextcloud news/feed reader app. In affected versions the Nextcloud News for Android app has a security issue by which a malicious application installed on the same device can send it an arbitrary Intent that gets reflected back, unintentionally giving read and write access to non-exported Content Providers in Nextcloud News for Android. Users should upgrade to version 0.9.9.63 or higher as soon as possible.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2
  • Nextcloud/news-androidllm-create2 versions
    <0.9.9.63+ 1 more
    • (no CPE)range: <0.9.9.63
    • (no CPE)range: < 0.9.9.63

Patches

Vulnerability mechanics

References

3

News mentions

0

No linked articles in our index yet.