CVE-2021-22905

Summary

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud Android App (com.nextcloud.client)Fixed in 3.16.0affected

Weaknesses

  • CWE-200: Information Disclosure (CWE-200)

ADP Enrichment

CVE Program Container

Additional References

References