CVE-2021-22905

Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
hackeroneCNA
---
---
CVEADP
---
---
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 56%
Common Weakness Enumeration
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj
https://hackerone.com/reports/1167916
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj
https://hackerone.com/reports/1167916