CVE-2021-22905
N/A
N/A
Summary
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Nextcloud Android App (com.nextcloud.client) | Fixed in 3.16.0 | affected |
Weaknesses
- CWE-200: Information Disclosure (CWE-200)
ADP Enrichment
CVE Program Container
Additional References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj
- https://hackerone.com/reports/1167916
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj
- https://hackerone.com/reports/1167916
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.