Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
                
            References
                    | Link | Resource | 
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj | Third Party Advisory | 
| https://hackerone.com/reports/1167916 | Exploit Issue Tracking Third Party Advisory | 
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj | Third Party Advisory | 
| https://hackerone.com/reports/1167916 | Exploit Issue Tracking Third Party Advisory | 
Configurations
                    History
                    No history.
Information
                Published : 2021-06-11 16:15
Updated : 2024-11-21 05:50
NVD link : CVE-2021-22905
Mitre link : CVE-2021-22905
CVE.ORG link : CVE-2021-22905
JSON object : View
Products Affected
                nextcloud
- nextcloud
CWE
                
                    
                        
                        CWE-200
                        
            Exposure of Sensitive Information to an Unauthorized Actor
