Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
Advisories
Source ID Title
EUVD EUVD EUVD-2021-10034 Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: hackerone

Published:

Updated: 2024-08-03T18:58:26.359Z

Reserved: 2021-01-06T00:00:00

Link: CVE-2021-22905

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2021-06-11T16:15:11.597

Modified: 2024-11-21T05:50:53.157

Link: CVE-2021-22905

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

No data.