Add CVE-2022-24886 for GHSA-5cj3-v98r-2wmq

Add CVE-2022-24886 for GHSA-5cj3-v98r-2wmq

2022/24xxx/CVE-2022-24886.json

@@ -1,18 +1,93 @@
 {
-    "data_type": "CVE",
-    "data_format": "MITRE",
-    "data_version": "4.0",
     "CVE_data_meta": {
+        "ASSIGNER": "security-advisories@github.com",
         "ID": "CVE-2022-24886",
-        "ASSIGNER": "cve@mitre.org",
-        "STATE": "RESERVED"
+        "STATE": "PUBLIC",
+        "TITLE": "Exposure of Sensitive Information to an Unauthorized Actor in com.nextcloud.client"
     },
+    "affects": {
+        "vendor": {
+            "vendor_data": [
+                {
+                    "product": {
+                        "product_data": [
+                            {
+                                "product_name": "security-advisories",
+                                "version": {
+                                    "version_data": [
+                                        {
+                                            "version_value": "< 3.19.0"
+                                        }
+                                    ]
+                                }
+                            }
+                        ]
+                    },
+                    "vendor_name": "nextcloud"
+                }
+            ]
+        }
+    },
+    "data_format": "MITRE",
+    "data_type": "CVE",
+    "data_version": "4.0",
     "description": {
         "description_data": [
             {
                 "lang": "eng",
-                "value": "** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided."
+                "value": "Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds."
             }
         ]
+    },
+    "impact": {
+        "cvss": {
+            "attackComplexity": "LOW",
+            "attackVector": "PHYSICAL",
+            "availabilityImpact": "NONE",
+            "baseScore": 2.2,
+            "baseSeverity": "LOW",
+            "confidentialityImpact": "LOW",
+            "integrityImpact": "NONE",
+            "privilegesRequired": "LOW",
+            "scope": "CHANGED",
+            "userInteraction": "REQUIRED",
+            "vectorString": "CVSS:3.1/AV:P/AC:L/PR:L/UI:R/S:C/C:L/I:N/A:N",
+            "version": "3.1"
+        }
+    },
+    "problemtype": {
+        "problemtype_data": [
+            {
+                "description": [
+                    {
+                        "lang": "eng",
+                        "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"
+                    }
+                ]
+            }
+        ]
+    },
+    "references": {
+        "reference_data": [
+            {
+                "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmq",
+                "refsource": "CONFIRM",
+                "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmq"
+            },
+            {
+                "name": "https://github.com/nextcloud/android/pull/9726",
+                "refsource": "MISC",
+                "url": "https://github.com/nextcloud/android/pull/9726"
+            },
+            {
+                "name": "https://hackerone.com/reports/1161401",
+                "refsource": "MISC",
+                "url": "https://hackerone.com/reports/1161401"
+            }
+        ]
+    },
+    "source": {
+        "advisory": "GHSA-5cj3-v98r-2wmq",
+        "discovery": "UNKNOWN"
     }
 }