Vulnerability Description
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud | < 3.16.0 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-qThird Party Advisory
- https://hackerone.com/reports/1167916ExploitIssue TrackingThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-qThird Party Advisory
- https://hackerone.com/reports/1167916ExploitIssue TrackingThird Party Advisory
FAQ
What is CVE-2021-22905?
CVE-2021-22905 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using th...
How severe is CVE-2021-22905?
CVE-2021-22905 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-22905?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud.