CVE-2021-22912
N/A
N/A
Summary
Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| n/a | Nextcloud iOS app (it.twsweb.Nextcloud) | Fixed in 3.4.2 | affected |
Weaknesses
- CWE-200: Information Disclosure (CWE-200)
ADP Enrichment
CVE Program Container
Additional References
- https://hackerone.com/reports/1167919
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m7w4-cvjr-76mh
References
- https://hackerone.com/reports/1167919
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m7w4-cvjr-76mh
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.