BIT-nextcloud-2022-39210

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2022-39210.json
JSON Data
https://api.osv.dev/v1/vulns/BIT-nextcloud-2022-39210
Aliases
Published
2026-07-12T23:47:50.632Z
Modified
2026-07-13T06:26:36.789482229Z
Summary
Access to internal files of the Nextcloud Android app
Details

Nextcloud android is the official Android client for the Nextcloud home server platform. Internal paths to the Nextcloud Android app files are not properly protected. As a result access to internal files of the from within the Nextcloud Android app is possible. This may lead to a leak of sensitive information in some cases. It is recommended that the Nextcloud Android app is upgraded to 3.21.0. There are no known workarounds for this issue.

Database specific
{
    "cpes": [
        "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*"
    ],
    "severity": "Medium"
}
References

Affected packages

Bitnami / nextcloud

Package

Name
nextcloud
Purl
pkg:bitnami/nextcloud

Severity

  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
3.21.0

Database specific

source
"https://github.com/bitnami/vulndb/tree/main/data/nextcloud/BIT-nextcloud-2022-39210.json"