CVE-2024-38272
CVE-2024-38272
7.1
HighPublished:
Last updated:
Source:cve-coordination@google.com
Modified
Weakness (CWE)
CVSS Vector
v4.0- Attack Vector
- Adjacent
- Attack Complexity
- High
- Attack Requirements
- Present
- Privileges Required
- Low
- User Interaction
- None
- Confidentiality (Vulnerable)
- High
- Integrity (Vulnerable)
- Low
- Availability (Vulnerable)
- Low
- Confidentiality (Subsequent)
- High
- Integrity (Subsequent)
- Low
- Availability (Subsequent)
- Low
Description
There exists a vulnerability in Quick Share/Nearby, where an attacker can bypass the accept file dialog on Quick Share Windows. Normally in Quick Share Windows app we can't send a file without the user accept from the receiving device if the visibility is set to everyone mode or contacts mode. We recommend upgrading to version 1.0.1724.0 of Quick Share or above
References
cve-coordination@google.com
https://github.com/google/nearby/pull/2402cve-coordination@google.com
https://github.com/google/nearby/pull/2589af854a3a-2127-422b-91ae-364da2661108
https://github.com/google/nearby/pull/2402af854a3a-2127-422b-91ae-364da2661108
https://github.com/google/nearby/pull/2589