CVE-2021-22912

Source
https://cve.org/CVERecord?id=CVE-2021-22912
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22912.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-22912
Aliases
Published
2021-06-11T16:15:11.753Z
Modified
2026-07-13T06:26:31.799465179Z
Severity
  • 6.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

References

Affected packages

Git
github.com/nextcloud/android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.2"
        }
    ]
}

Affected versions

0.*
0.99
1.*
1.0.0
1.4.6-easy-setup
Other
dev-20171209
dev-20171211
dev-20171212
dev-20171213
dev-20180809
dev-20180811
dev-20180821
dev-20180823
dev-20180824
dev-20180825
dev-20180829
dev-20180903
dev-20180905
dev-20180907
dev-20180908
dev-20180911
dev-20180912
dev-20180913
dev-20180914
dev-20180915
dev-20180918
dev-20180919
dev-20180920
dev-20180921
dev-20180924
dev-20180925
dev-20180926
dev-20180927
dev-20181006
dev-20181009
dev-20181013
dev-20181016
dev-20181018
dev-20181020
dev-20181023
dev-20181024
dev-20181025
dev-20181026
dev-20181027
dev-20181028
dev-20181030
dev-20181031
dev-20181101
dev-20181102
dev-20181103
dev-20181106
dev-20181107
oc-android-1-3-13
oc-android-1-3-14
oc-android-1-3-17
oc-android-1-3-18
oc-android-1-3-19
oc-android-1-3-20
oc-android-1-4-0
oc-android-1.*
oc-android-1.4.3
oc-android-1.4.4
oc-android-1.4.5
oc-android-1.4.6
oc-android-1.5.3
oc-android-1.7.0
oc-android-1.7.0_signed
oc-android-1.7.1_signed
oc-android-1.8
rc-1.*
rc-1.1.0-01
rc-1.1.0-02
rc-1.2.0-01
rc-1.2.0-02
rc-1.3.0-01
rc-1.3.0-02
rc-1.4.0-01
rc-1.4.0-02
rc-1.4.0-03
rc-1.4.0-04
rc-1.4.1-01
rc-1.4.1-02
rc-1.4.1-03
rc-1.4.1-04
rc-1.4.2-01
rc-1.4.2-02
rc-1.4.2-04
rc-2.*
rc-2.0.0-01
rc-2.0.0-03
rc-2.0.0-04
rc-2.0.0-05
rc-2.0.0-06
rc-2.0.0-07
rc-2.0.0-08
rc-2.0.0-09
rc-3.*
rc-3.0.0-01
rc-3.0.0-02
rc-3.0.0-03
rc-3.1.0-01
rc-3.1.0-02
rc-3.4.0-01
rc-3.4.0-02
rc-3.4.0-03
rc-3.4.1-02
rc-3.4.2-01
rc-3.4.2-02
stable-1.*
stable-1.0.0
stable-1.0.1
stable-1.1.0
stable-1.2.0
stable-1.3.0
stable-1.3.1
stable-1.4.0
stable-1.4.1
stable-1.4.2
stable-1.4.3
stable-2.*
stable-2.0.0
stable-3.*
stable-3.4.0
stable-3.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22912.json"
github.com/nextcloud/desktop

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/desktop
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.2"
        }
    ]
}

Affected versions

v0.*
v0.0.2
v1.*
v1.1.0
v1.1.0-beta1
v1.1.2
v1.2.0
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.5
v1.3.0-beta1
v1.3.0-beta2
v1.3.0-beta3
v1.4.0
v1.4.0-beta1
v1.4.0-beta2
v1.4.0-rc1
v1.5.0
v1.5.0-beta1
v1.5.0-beta1-2nd
v1.5.0-beta2
v1.5.0-beta3
v1.5.1-rc1
v1.6.0
v1.6.0-beta1
v1.6.0-beta2
v1.6.0-rc1
v1.6.0-rc2
v1.6.0-rc3
v1.8.0-beta1
v1.8.0-beta1a
v2.*
v2.5.0
v2.5.0-beta1
v2.5.0-beta2
v2.5.0-rc1
v2.5.0-rc2
v2.5.1
v2.5.2
v2.5.2-rc1
v2.5.3-rc1
v2.5.3-rc2
v2.7.0-beta1
v2.7.0-beta2
v2.7.0-beta3
v2.7.0-rc1
v3.*
v3.1.0
v3.1.0-rc1
v3.1.0-rc2
v3.2.0-rc1
v3.2.0-rc2
v3.2.0-rc3
v3.3.0
v3.3.0-rc1
v3.3.0-rc2
v3.4.0
v3.4.0-do-not-use
v3.4.0-rc1
v3.4.0-rc2
v3.4.1

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22912.json"
github.com/nextcloud/ios

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/ios
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Database specific
{
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*",
    "source": "CPE_RANGE",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.4.2"
        }
    ]
}

Affected versions

2.*
2.17
2.17.2
2.17.7
2.17.8
2.18.1
2.19.3
2.20.1
2.21.0
2.22.1
2.22.5
2.22.6
2.23.7
3.*
3.0.10
3.0.11
3.0.12
3.0.14
3.0.15
3.1.0
3.2.0
3.3.0
3.4.0
3.4.1
v2.*
v2.23.8
v2.24.0
v2.24.1
v2.24.2
v2.24.3
v2.25.2
v2.25.3
v2.25.4
v2.25.5
v2.25.6
v2.25.7
v2.25.9
v3.*
v3.0.0
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.0.7
v3.0.8

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22912.json"