CVE-2020-36248

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2020-36248

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36248.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-36248

Published

2021-02-19T08:15:11.760Z

Modified

2026-03-13T00:41:33.258621Z

Severity

4.6 (Medium) CVSS_V3 - CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The ownCloud application before 2.15 for Android allows attackers to use adb to include a PIN preferences value in a backup archive, and consequently bypass the PIN lock feature by restoring from this archive.

References

https://owncloud.com/security-advisories/bypassing-app-lock-pattern-passcode-fingerprint-lock-android-oc-sa-2020-003/

Affected packages

Git / github.com/owncloud/android

Affected ranges

Type

GIT

Repo

https://github.com/owncloud/android

Events

Introduced

Fixed

4984a047c8b0f0ae856609ff9eebf1a056475a80

Database specific

{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2.15"
        }
    ]
}

Affected versions

1.*

1.4.6-easy-setup

oc-JB-workaround-1.*

oc-JB-workaround-1.0.3

Other

oc-android-1-3-12

oc-android-1-3-13

oc-android-1-3-14

oc-android-1-3-17

oc-android-1-3-18

oc-android-1-3-19

oc-android-1-3-20

oc-android-1-3-21

oc-android-1-3-22

oc-android-1-4-0

oc-android-1.*

oc-android-1.4.1

oc-android-1.4.3

oc-android-1.4.4

oc-android-1.4.5

oc-android-1.4.6

oc-android-1.5.0

oc-android-1.5.1

oc-android-1.5.2

oc-android-1.5.3

oc-android-1.5.4

oc-android-1.5.5

oc-android-1.5.6

oc-android-1.5.7

oc-android-1.5.8

oc-android-1.6.0

oc-android-1.6.1

oc-android-1.6.2

oc-android-1.6.3-SAML-not-to-release

oc-android-1.6.3-not-to-release

oc-android-1.7.0

oc-android-1.7.0_signed

oc-android-1.7.1_oem

oc-android-1.7.1_signed

oc-android-1.7.2

oc-android-1.8

oc-android-1.9

oc-android-1.9.1

oc-android-2.*

oc-android-2.0.0

oc-android-2.0.1

oc-android-2.1.0

oc-android-2.1.1

oc-android-2.1.2

oc-android-2.10.0

oc-android-2.10.0-beta.1

oc-android-2.11.0

oc-android-2.11.0-beta.1

oc-android-2.11.1

oc-android-2.11.1_oem

oc-android-2.12

oc-android-2.12-beta.1

oc-android-2.13

oc-android-2.13.1

oc-android-2.13.1_oem

oc-android-2.14

oc-android-2.15-beta.2

oc-android-2.2.0

oc-android-2.3.0

oc-android-2.4.0

oc-android-2.5.0

oc-android-2.5.0-beta.1

oc-android-2.5.0-beta.2

oc-android-2.6.0

oc-android-2.7.0

oc-android-2.7.0-beta.1

oc-android-2.8.0

oc-android-2.8.0-beta.1

oc-android-2.9.0

oc-android-2.9.1

oc-android-2.9.2

oc-android-2.9.3

oc-android-2.9.3_oem

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-36248.json"