CVE-2021-22912

Summary

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

Affected Software

VendorProductVersion RangeStatus
n/aNextcloud iOS app (it.twsweb.Nextcloud)Fixed in 3.4.2affected

Weaknesses

  • CWE-200: Information Disclosure (CWE-200)

ADP Enrichment

CVE Program Container

Additional References

References