CVE-2021-43863

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-43863

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-43863.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-43863

Related

GHSA-vjp2-f63v-w479

Published

2022-01-25T16:15:08Z

Modified

2025-01-14T22:02:15Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers FileContentProvider and DiskLruImageCacheFileProvider have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading.

References

Affected packages

Git / github.com/nextcloud/android

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/android
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

627caba60e69e223b0fc89c4cb18eaa76a95db95

Fixed

627caba60e69e223b0fc89c4cb18eaa76a95db95