CVE-2021-22905

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-22905
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22905.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22905
Related
  • GHSA-22v9-q3r6-x7cj
Published
2021-06-11T16:15:11.597Z
Modified
2026-02-26T09:13:45.596325Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.

References

Affected packages

Git / github.com/nextcloud/desktop

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
cbe48da7dc88d84606fb7159534350d199162f94

Affected versions

csync-0.*
csync-0.50.0
Other
e2e-tech-preview-1
v0.*
v0.0.2
v1.*
v1.1.0
v1.1.0-beta1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.3.0-beta4
v1.4.0
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.4.1
v1.5.0
v1.5.0-beta1
v1.5.0-beta1-2nd
v1.5.0-beta2
v1.5.0-beta3
v1.5.1
v1.5.1-rc1
v1.5.2
v1.5.3
v1.5.3-rc1
v1.6.0
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.6.1
v1.6.1-rc1
v1.6.2
v1.6.2-rc1
v1.6.2-rc2
v1.6.2-themefix
v1.7.0
v1.7.0-alpha1
v1.7.0-beta1
v1.7.0-beta2
v1.7.0-beta3
v1.7.0-beta4
v1.7.0-rc1
v1.7.0beta1
v1.7.0beta2
v1.7.1-beta1
v1.7.1-rc1
v1.8.0
v1.8.0-beta1
v1.8.0-beta1a
v1.8.0-beta2
v1.8.0-rc1
v1.8.0rc1
v1.8.1
v1.8.1-beta1
v1.8.1-rc1
v1.8.1-rc2
v1.8.2
v1.8.2-beta1
v1.8.2-rc1
v1.8.3
v1.8.3-rc1
v1.8.3-rc2
v1.8.3-rc3
v2.*
v2.0.0
v2.0.0-beta2
v2.0.0-rc2
v2.0.1
v2.0.2
v2.0.2-oem
v2.0.2-rc1
v2.0.2-rc2
v2.5.0
v2.5.0-beta1
v2.5.0-beta2
v2.5.0-rc1
v2.5.0-rc2
v2.5.1
v2.5.2
v2.5.2-rc1
v2.5.3-rc1
v2.5.3-rc2
v2.7.0-beta1
v2.7.0-beta2
v2.7.0-beta3
v2.7.0-rc1
v3.*
v3.1.0
v3.1.0-rc1
v3.1.0-rc2
v3.16.0-rc1
v3.16.0-rc2
v3.16.0-rc3
v3.16.0-rc4
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.3.0
v3.3.0-rc1
v3.3.0-rc2
v3.4.0-do-not-use
v3.4.0-rc1
v3.4.0-rc2
v3.5.0
v3.5.0-rc1
v3.5.0-rc2
v3.5.0-rc3
v3.5.0-rc4
v3.6.0
v3.6.0-rc1
v3.6.0-rc2

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22905.json"