CVE-2021-43863

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2021-43863
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43863.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-43863
Related
  • GHSA-vjp2-f63v-w479
Published
2022-01-25T16:15:08.740Z
Modified
2026-04-10T04:40:33.135690Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading.

References

Affected packages

Git / github.com/nextcloud/android

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/android
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
a23cd53462c359812167ea8c0c8d4973e4d0e40d
Fixed
627caba60e69e223b0fc89c4cb18eaa76a95db95
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.18.1"
        }
    ]
}

Affected versions

0.*
0.99
1.*
1.0.0
1.4.6-easy-setup
Other
dev-20171209
dev-20171211
dev-20171212
dev-20171213
dev-20180809
dev-20180811
dev-20180821
dev-20180823
dev-20180824
dev-20180825
dev-20180829
dev-20180903
dev-20180905
dev-20180907
dev-20180908
dev-20180911
dev-20180912
dev-20180913
dev-20180914
dev-20180915
dev-20180918
dev-20180919
dev-20180920
dev-20180921
dev-20180924
dev-20180925
dev-20180926
dev-20180927
dev-20181006
dev-20181009
dev-20181013
dev-20181016
dev-20181018
dev-20181020
dev-20181023
dev-20181024
dev-20181025
dev-20181026
dev-20181027
dev-20181028
dev-20181030
dev-20181031
dev-20181101
dev-20181102
dev-20181103
dev-20181106
dev-20181107
dev-20181203
dev-20181204
dev-20181206
dev-20181207
dev-20181208
dev-20181211
dev-20181212
dev-20181214
dev-20181215
dev-20181216
dev-20181218
dev-20181222
dev-20190105
dev-20190108
dev-20190112
dev-20190113
dev-20190115
dev-20190116
dev-20190117
dev-20190118
dev-20190119
dev-20190122
dev-20190123
dev-20190126
dev-20190129
dev-20190130
dev-20190131
dev-20190201
dev-20190202
dev-20190205
dev-20190206
dev-20190207
dev-20190208
dev-20190209
dev-20190212
dev-20190213
dev-20190214
dev-20190215
dev-20190216
dev-20190219
dev-20190220
dev-20190221
dev-20190226
dev-20190227
dev-20190228
dev-20190301
dev-20190305
dev-20190306
dev-20190307
dev-20190308
dev-20190309
dev-20190310
dev-20190312
dev-20190313
dev-20190314
dev-20190316
dev-20190319
dev-20190320
dev-20190321
dev-20190323
dev-20190327
dev-20190328
dev-20190329
dev-20190402
dev-20190403
dev-20190404
dev-20190406
dev-20190408
dev-20190409
dev-20190410
dev-20190411
dev-20190412
dev-20190413
dev-20190414
dev-20190502
dev-20190513
dev-20190514
dev-20190515
dev-20190517
dev-20190518
dev-20190520
dev-20190521
dev-20190522
dev-20190523
dev-20190524
dev-20190528
dev-20190529
dev-20190530
dev-20190531
dev-20190601
dev-20190604
dev-20190605
dev-20190612
dev-20190613
dev-20190615
dev-20190619
dev-20190621
dev-20190622
dev-20190625
dev-20190627
dev-20190629
dev-20190701
dev-20190702
dev-20190703
dev-20190704
dev-20190705
dev-20190710
dev-20190711
dev-20190713
dev-20190716
dev-20190717
dev-20190720
dev-20190723
dev-20190724
dev-20190726
dev-20190727
dev-20190730
dev-20190731
dev-20190802
dev-20190803
dev-20190806
dev-20190808
dev-20190809
dev-20190810
dev-20190813
dev-20190815
dev-20190816
dev-20190817
dev-20190820
dev-20190821
dev-20190822
dev-20190823
dev-20190824
dev-20190827
dev-20190828
dev-20190829
dev-20190903
dev-20190904
dev-20190905
dev-20190906
dev-20190910
dev-20190911
dev-20190913
dev-20190914
dev-20190921
dev-20190924
dev-20190926
dev-20190928
dev-20191002
dev-20191003
dev-20191005
dev-20191008
dev-20191009
dev-20191010
dev-20191011
dev-20191012
dev-20191016
dev-20191017
dev-20191018
dev-20191019
dev-20191022
dev-20191024
dev-20191025
dev-20191026
dev-20191029
dev-20191030
dev-20191031
dev-20191101
dev-20191102
dev-20191106
dev-20191107
dev-20191108
dev-20191113
dev-20191114
dev-20191116
dev-20191119
dev-20191120
dev-20191121
dev-20191123
dev-20191127
dev-20191129
dev-20191203
dev-20191204
dev-20191205
dev-20191206
dev-20191207
dev-20191211
dev-20191213
dev-20191214
dev-20191217
dev-20191218
dev-20191219
dev-20191220
dev-20191221
dev-20200107
dev-20200108
dev-20200109
dev-20200110
dev-20200112
dev-20200115
dev-20200117
dev-20200118
dev-20200121
dev-20200122
dev-20200125
dev-20200128
dev-20200129
oc-android-1-3-13
oc-android-1-3-14
oc-android-1-3-17
oc-android-1-3-18
oc-android-1-3-19
oc-android-1-3-20
oc-android-1-4-0
oc-android-1.*
oc-android-1.4.3
oc-android-1.4.4
oc-android-1.4.5
oc-android-1.4.6
oc-android-1.5.3
oc-android-1.7.0
oc-android-1.7.0_signed
oc-android-1.7.1_signed
oc-android-1.8
rc-1.*
rc-1.1.0-01
rc-1.1.0-02
rc-1.2.0-01
rc-1.2.0-02
rc-1.3.0-01
rc-1.3.0-02
rc-1.4.0-01
rc-1.4.0-02
rc-1.4.0-03
rc-1.4.0-04
rc-1.4.1-01
rc-1.4.1-02
rc-1.4.1-03
rc-1.4.1-04
rc-1.4.2-01
rc-1.4.2-02
rc-1.4.2-04
rc-2.*
rc-2.0.0-01
rc-2.0.0-03
rc-2.0.0-04
rc-2.0.0-05
rc-2.0.0-06
rc-2.0.0-07
rc-2.0.0-08
rc-2.0.0-09
rc-3.*
rc-3.0.0-01
rc-3.0.0-02
rc-3.0.0-03
rc-3.1.0-01
rc-3.1.0-02
rc-3.17.1-01
rc-3.18.0-01
rc-3.18.0-02
rc-3.18.0-03
rc-3.18.0-04
rc-3.18.0-05
rc-3.18.0-06
rc-3.18.1-01
rc-3.18.1-02
rc-3.6.0-01
stable-1.*
stable-1.0.0
stable-1.0.1
stable-1.1.0
stable-1.2.0
stable-1.3.0
stable-1.3.1
stable-1.4.0
stable-1.4.1
stable-1.4.2
stable-1.4.3
stable-2.*
stable-2.0.0
stable-3.*
stable-3.18.0

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43863.json"