CVE-2021-22905
6.5
MEDIUM
CVSS 3.1
EPSS 1.4%
Description
Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.
How to fix CVE-2021-22905
To remediate CVE-2021-22905, upgrade the affected package to a fixed version below.
- Bitnami/nextcloud—upgrade to 3.16.0 or later
Is CVE-2021-22905 being exploited?
Low — EPSS is 1.4%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 3.16.0
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | MEDIUM6.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |