Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.
{
"cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
]
}{
"cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
]
}{
"cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:iphone_os:*:*",
"source": "CPE_RANGE",
"extracted_events": [
{
"introduced": "0"
},
{
"fixed": "3.4.2"
}
]
}