Skip to content

Default Nextcloud Server and Android Client leak sharee searches to Nextcloud

Low
LukasReschke published GHSA-22v9-q3r6-x7cj Jun 1, 2021

Package

Nextcloud Android Client

Affected versions

< 3.16.0

Patched versions

3.16.0

Description

Impact

Searches for sharees are performed by default on the lookup server in the Nextcloud Android app before v3.16.0. This breaks the expectation that searches are only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

Patches

It is recommended that the Nextcloud Android App is upgraded to 3.16.0.

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Severity

Low

CVE ID

CVE-2021-22905

Weaknesses

Credits