Information Disclosure in Nextcloud Android App: Default Server Lookup Vulnerability

Information Disclosure in Nextcloud Android App: Default Server Lookup Vulnerability

CVE-2021-22905 · MEDIUM Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.

Learn more about our Cis Benchmark Audit For Google Android.