CVE-2021-22905: Infoleak
First published: Fri Jun 11 2021(Updated: )
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
Credit: support@hackerone.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud | <3.16.0 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is CVE-2021-22905?
CVE-2021-22905 is a vulnerability in the Nextcloud Android App (com.nextcloud.client) before v3.16.0 that allows information disclosure.
How does CVE-2021-22905 affect Nextcloud Android App?
CVE-2021-22905 allows searches for sharees to be performed by default on the lookup server instead of only using the local Nextcloud server, leading to potential information disclosure.
What is the severity of CVE-2021-22905?
The severity of CVE-2021-22905 is medium with a CVSS score of 6.5.
How can I fix CVE-2021-22905?
To fix CVE-2021-22905, update your Nextcloud Android App to version 3.16.0 or later.
Where can I find more information about CVE-2021-22905?
You can find more information about CVE-2021-22905 in the Nextcloud security advisories and the related HackerOne report.
- collector/nvd-index
- agent/severity
- agent/author
- agent/weakness
- agent/references
- agent/type
- agent/event
- agent/description
- agent/softwarecombine
- agent/last-modified-date
- agent/tags
- vendor/nextcloud
- canonical/nextcloud nextcloud