BIT-nextcloud-2021-22905

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2021-22905.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-nextcloud-2021-22905
Aliases
Published
2026-07-12T23:47:37.522Z
Modified
2026-07-13T06:26:21.150653938Z
Summary
[none]
Details

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.

Database specific
{
    "severity": "Medium",
    "cpes": [
        "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*"
    ]
}
References

Affected packages

Bitnami / nextcloud

Package

Name
nextcloud
Purl
pkg:bitnami/nextcloud

Severity

  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.16.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2021-22905.json"