CVE-2021-41166

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-41166

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41166.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-41166

Related

GHSA-wrwg-jwpg-r3c4

Published

2022-01-26T23:15:08.217Z

Modified

2025-12-05T12:30:37.892564Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. An issue in versions prior to 3.17.1 may lead to sensitive information disclosure. An unauthorized app that does not have the otherwise required MANAGE_DOCUMENTS permission may view image thumbnails for images it does not have permission to view. Version 3.17.1 contains a patch. There are no known workarounds.

References

Affected packages

Git / github.com/nextcloud/android

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/android
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

aa47197109970b8449c4e44601eba36e3481b086

Fixed

b6ecf515b38c2d82d32743f27236534f3e03ee0c

Affected versions

0.*

0.99

1.*

1.0.0

1.4.6-easy-setup

Other

dev-20171209

dev-20171211

dev-20171212

dev-20171213

dev-20180809

dev-20180811

dev-20180821

dev-20180823

dev-20180824

dev-20180825

dev-20180829

dev-20180903

dev-20180905

dev-20180907

dev-20180908

dev-20180911

dev-20180912

dev-20180913

dev-20180914

dev-20180915

dev-20180918

dev-20180919

dev-20180920

dev-20180921

dev-20180924

dev-20180925

dev-20180926

dev-20180927

dev-20181006

dev-20181009

dev-20181013

dev-20181016

dev-20181018

dev-20181020

dev-20181023

dev-20181024

dev-20181025

dev-20181026

dev-20181027

dev-20181028

dev-20181030

dev-20181031

dev-20181101

dev-20181102

dev-20181103

dev-20181106

dev-20181107

dev-20181203

dev-20181204

dev-20181206

dev-20181207

dev-20181208

dev-20181211

dev-20181212

dev-20181214

dev-20181215

dev-20181216

dev-20181218

dev-20181222

dev-20190105

dev-20190108

dev-20190112

dev-20190113

dev-20190115

dev-20190116

dev-20190117

dev-20190118

dev-20190119

dev-20190122

dev-20190123

dev-20190126

dev-20190129

dev-20190130

dev-20190131

dev-20190201

dev-20190202

dev-20190205

dev-20190206

dev-20190207

dev-20190208

dev-20190209

dev-20190212

dev-20190213

dev-20190214

dev-20190215

dev-20190216

dev-20190219

dev-20190220

dev-20190221

dev-20190226

dev-20190227

dev-20190228

dev-20190301

dev-20190305

dev-20190306

dev-20190307

dev-20190308

dev-20190309

dev-20190310

dev-20190312

dev-20190313

dev-20190314

dev-20190316

dev-20190319

dev-20190320

dev-20190321

dev-20190323

dev-20190327

dev-20190328

dev-20190329

dev-20190402

dev-20190403

dev-20190404

dev-20190406

dev-20190408

dev-20190409

dev-20190410

dev-20190411

dev-20190412

dev-20190413

dev-20190414

dev-20190502

dev-20190513

dev-20190514

dev-20190515

dev-20190517

dev-20190518

dev-20190520

dev-20190521

dev-20190522

dev-20190523

dev-20190524

dev-20190528

dev-20190529

dev-20190530

dev-20190531

dev-20190601

dev-20190604

dev-20190605

dev-20190612

dev-20190613

dev-20190615

dev-20190619

dev-20190621

dev-20190622

dev-20190625

dev-20190627

dev-20190629

dev-20190701

dev-20190702

dev-20190703

dev-20190704

dev-20190705

dev-20190710

dev-20190711

dev-20190713

dev-20190716

dev-20190717

dev-20190720

dev-20190723

dev-20190724

dev-20190726

dev-20190727

dev-20190730

dev-20190731

dev-20190802

dev-20190803

dev-20190806

dev-20190808

dev-20190809

dev-20190810

dev-20190813

dev-20190815

dev-20190816

dev-20190817

dev-20190820

dev-20190821

dev-20190822

dev-20190823

dev-20190824

dev-20190827

dev-20190828

dev-20190829

dev-20190903

dev-20190904

dev-20190905

dev-20190906

dev-20190910

dev-20190911

dev-20190913

dev-20190914

dev-20190921

dev-20190924

dev-20190926

dev-20190928

dev-20191002

dev-20191003

dev-20191005

dev-20191008

dev-20191009

dev-20191010

dev-20191011

dev-20191012

dev-20191016

dev-20191017

dev-20191018

dev-20191019

dev-20191022

dev-20191024

dev-20191025

dev-20191026

dev-20191029

dev-20191030

dev-20191031

dev-20191101

dev-20191102

dev-20191106

dev-20191107

dev-20191108

dev-20191113

dev-20191114

dev-20191116

dev-20191119

dev-20191120

dev-20191121

dev-20191123

dev-20191127

dev-20191129

dev-20191203

dev-20191204

dev-20191205

dev-20191206

dev-20191207

dev-20191211

dev-20191213

dev-20191214

dev-20191217

dev-20191218

dev-20191219

dev-20191220

dev-20191221

dev-20200107

dev-20200108

dev-20200109

dev-20200110

dev-20200112

dev-20200115

dev-20200117

dev-20200118

dev-20200121

dev-20200122

dev-20200125

dev-20200128

dev-20200129

oc-android-1-3-12

oc-android-1-3-13

oc-android-1-3-14

oc-android-1-3-17

oc-android-1-3-18

oc-android-1-3-19

oc-android-1-3-20

oc-android-1-3-21

oc-android-1-3-22

oc-android-1-4-0

test

oc-JB-workaround-1.*

oc-JB-workaround-1.0.3

oc-android-1.*

oc-android-1.4.1

oc-android-1.4.3

oc-android-1.4.4

oc-android-1.4.5

oc-android-1.4.6

oc-android-1.5.0

oc-android-1.5.1

oc-android-1.5.2

oc-android-1.5.3

oc-android-1.5.4

oc-android-1.5.5

oc-android-1.5.6

oc-android-1.5.7

oc-android-1.5.8

oc-android-1.6.0

oc-android-1.6.1

oc-android-1.6.2

oc-android-1.6.3-SAML-not-to-release

oc-android-1.6.3-not-to-release

oc-android-1.7.0

oc-android-1.7.0_signed

oc-android-1.7.1_oem

oc-android-1.7.1_signed

oc-android-1.7.2

oc-android-1.8

oc-android-1.9

oc-android-1.9.1

oc-android-2.*

oc-android-2.0.0

oc-android-2.0.1

rc-1.*

rc-1.1.0-01

rc-1.1.0-02

rc-1.2.0-01

rc-1.2.0-02

rc-1.3.0-01

rc-1.3.0-02

rc-1.4.0-01

rc-1.4.0-02

rc-1.4.0-03

rc-1.4.0-04

rc-1.4.1-01

rc-1.4.1-02

rc-1.4.1-03

rc-1.4.1-04

rc-1.4.2-01

rc-1.4.2-02

rc-1.4.2-03

rc-1.4.2-04

rc-2.*

rc-2.0.0-01

rc-2.0.0-02

rc-2.0.0-03

rc-2.0.0-04

rc-2.0.0-05

rc-2.0.0-06

rc-2.0.0-07

rc-2.0.0-08

rc-2.0.0-09

rc-3.*

rc-3.0.0-01

rc-3.0.0-02

rc-3.0.0-03

rc-3.1.0-01

rc-3.1.0-02

rc-3.17.1-01

rc-3.6.0-01

release-0.*

release-0.99

stable-1.*

stable-1.0.0

stable-1.0.1

stable-1.1.0

stable-1.2.0

stable-1.3.0

stable-1.3.1

stable-1.4.0

stable-1.4.1

stable-1.4.2

stable-1.4.3

stable-2.*

stable-2.0.0

Git / github.com/nextcloud/desktop

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/desktop
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d5403feb60fd3bb9e2898d0d54aae01fa75509bc

Affected versions

csync-0.*

csync-0.50.0

Other

e2e-tech-preview-1

v0.*

v0.0.2

v1.*

v1.1.0

v1.1.0-beta1

v1.1.2

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0

v1.3.0-beta1

v1.3.0-beta2

v1.3.0-beta3

v1.3.0-beta4

v1.4.0

v1.4.0-beta1

v1.4.0-beta2

v1.4.0-rc1

v1.4.1

v1.5.0

v1.5.0-beta1

v1.5.0-beta1-2nd

v1.5.0-beta2

v1.5.0-beta3

v1.5.1

v1.5.1-rc1

v1.5.2

v1.5.3

v1.5.3-rc1

v1.6.0

v1.6.0-beta1

v1.6.0-beta2

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v1.6.1

v1.6.1-rc1

v1.6.2

v1.6.2-rc1

v1.6.2-rc2

v1.6.2-themefix

v1.7.0

v1.7.0-alpha1

v1.7.0-beta1

v1.7.0-beta2

v1.7.0-beta3

v1.7.0-beta4

v1.7.0-rc1

v1.7.0beta1

v1.7.0beta2

v1.7.1-beta1

v1.7.1-rc1

v1.8.0

v1.8.0-beta1

v1.8.0-beta1a

v1.8.0-beta2

v1.8.0-rc1

v1.8.0rc1

v1.8.1

v1.8.1-beta1

v1.8.1-rc1

v1.8.1-rc2

v1.8.2

v1.8.2-beta1

v1.8.2-rc1

v1.8.3

v1.8.3-rc1

v1.8.3-rc2

v1.8.3-rc3

v2.*

v2.0.0

v2.0.0-beta2

v2.0.0-rc2

v2.0.1

v2.0.2

v2.0.2-oem

v2.0.2-rc1

v2.0.2-rc2

v2.5.0

v2.5.0-beta1

v2.5.0-beta2

v2.5.0-rc1

v2.5.0-rc2

v2.5.1

v2.5.2

v2.5.2-rc1

v2.5.3-rc1

v2.5.3-rc2

v2.7.0-beta1

v2.7.0-beta2

v2.7.0-beta3

v2.7.0-rc1

v3.*

v3.1.0

v3.1.0-rc1

v3.1.0-rc2

v3.17.0

v3.17.0-rc1

v3.17.0-rc2

v3.17.0-rc3

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.3.0

v3.3.0-rc1

v3.3.0-rc2

v3.4.0-do-not-use

v3.4.0-rc1

v3.4.0-rc2

v3.5.0

v3.5.0-rc1

v3.5.0-rc2

v3.5.0-rc3

v3.5.0-rc4

v3.6.0

v3.6.0-rc1

v3.6.0-rc2