CVE-2021-22905

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.

Published: Jun 11, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-22905
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 6.5
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-200

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud	-	3.16.0

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj
https://hackerone.com/reports/1167916

Vulnerability Database

289,697

CVE-2021-22905