{"id":"CVE-2021-22905","details":"Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user.","modified":"2026-04-10T04:30:15.006723Z","published":"2021-06-11T16:15:11.597Z","related":["GHSA-22v9-q3r6-x7cj"],"references":[{"type":"ADVISORY","url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj"},{"type":"REPORT","url":"https://hackerone.com/reports/1167916"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/android","events":[{"introduced":"0"},{"fixed":"37d2f0b3f473d644242987914f26cd1673c1f6bb"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.16.0"}]}}],"versions":["0.99","1.0.0","1.4.6-easy-setup","dev-20171209","dev-20171211","dev-20171212","dev-20171213","dev-20180809","dev-20180811","dev-20180821","dev-20180823","dev-20180824","dev-20180825","dev-20180829","dev-20180903","dev-20180905","dev-20180907","dev-20180908","dev-20180911","dev-20180912","dev-20180913","dev-20180914","dev-20180915","dev-20180918","dev-20180919","dev-20180920","dev-20180921","dev-20180924","dev-20180925","dev-20180926","dev-20180927","dev-20181006","dev-20181009","dev-20181013","dev-20181016","dev-20181018","dev-20181020","dev-20181023","dev-20181024","dev-20181025","dev-20181026","dev-20181027","dev-20181028","dev-20181030","dev-20181031","dev-20181101","dev-20181102","dev-20181103","dev-20181106","dev-20181107","dev-20181203","dev-20181204","dev-20181206","dev-20181207","dev-20181208","dev-20181211","dev-20181212","dev-20181214","dev-20181215","dev-20181216","dev-20181218","dev-20181222","dev-20190105","dev-20190108","dev-20190112","dev-20190113","dev-20190115","dev-20190116","dev-20190117","dev-20190118","dev-20190119","dev-20190122","dev-20190123","dev-20190126","dev-20190129","dev-20190130","dev-20190131","dev-20190201","dev-20190202","dev-20190205","dev-20190206","dev-20190207","dev-20190208","dev-20190209","dev-20190212","dev-20190213","dev-20190214","dev-20190215","dev-20190216","dev-20190219","dev-20190220","dev-20190221","dev-20190226","dev-20190227","dev-20190228","dev-20190301","dev-20190305","dev-20190306","dev-20190307","dev-20190308","dev-20190309","dev-20190310","dev-20190312","dev-20190313","dev-20190314","dev-20190316","dev-20190319","dev-20190320","dev-20190321","dev-20190323","dev-20190327","dev-20190328","dev-20190329","dev-20190402","dev-20190403","dev-20190404","dev-20190406","dev-20190408","dev-20190409","dev-20190410","dev-20190411","dev-20190412","dev-20190413","dev-20190414","dev-20190502","dev-20190513","dev-20190514","dev-20190515","dev-20190517","dev-20190518","dev-20190520","dev-20190521","dev-20190522","dev-20190523","dev-20190524","dev-20190528","dev-20190529","dev-20190530","dev-20190531","dev-20190601","dev-20190604","dev-20190605","dev-20190612","dev-20190613","dev-20190615","dev-20190619","dev-20190621","dev-20190622","dev-20190625","dev-20190627","dev-20190629","dev-20190701","dev-20190702","dev-20190703","dev-20190704","dev-20190705","dev-20190710","dev-20190711","dev-20190713","dev-20190716","dev-20190717","dev-20190720","dev-20190723","dev-20190724","dev-20190726","dev-20190727","dev-20190730","dev-20190731","dev-20190802","dev-20190803","dev-20190806","dev-20190808","dev-20190809","dev-20190810","dev-20190813","dev-20190815","dev-20190816","dev-20190817","dev-20190820","dev-20190821","dev-20190822","dev-20190823","dev-20190824","dev-20190827","dev-20190828","dev-20190829","dev-20190903","dev-20190904","dev-20190905","dev-20190906","dev-20190910","dev-20190911","dev-20190913","dev-20190914","dev-20190921","dev-20190924","dev-20190926","dev-20190928","dev-20191002","dev-20191003","dev-20191005","dev-20191008","dev-20191009","dev-20191010","dev-20191011","dev-20191012","dev-20191016","dev-20191017","dev-20191018","dev-20191019","dev-20191022","dev-20191024","dev-20191025","dev-20191026","dev-20191029","dev-20191030","dev-20191031","dev-20191101","dev-20191102","dev-20191106","dev-20191107","dev-20191108","dev-20191113","dev-20191114","dev-20191116","dev-20191119","dev-20191120","dev-20191121","dev-20191123","dev-20191127","dev-20191129","dev-20191203","dev-20191204","dev-20191205","dev-20191206","dev-20191207","dev-20191211","dev-20191213","dev-20191214","dev-20191217","dev-20191218","dev-20191219","dev-20191220","dev-20191221","dev-20200107","dev-20200108","dev-20200109","dev-20200110","dev-20200112","dev-20200115","dev-20200117","dev-20200118","dev-20200121","dev-20200122","dev-20200125","dev-20200128","dev-20200129","oc-android-1-3-13","oc-android-1-3-14","oc-android-1-3-17","oc-android-1-3-18","oc-android-1-3-19","oc-android-1-3-20","oc-android-1-4-0","oc-android-1.4.3","oc-android-1.4.4","oc-android-1.4.5","oc-android-1.4.6","oc-android-1.5.3","oc-android-1.7.0","oc-android-1.7.0_signed","oc-android-1.7.1_signed","oc-android-1.8","rc-1.1.0-01","rc-1.1.0-02","rc-1.2.0-01","rc-1.2.0-02","rc-1.3.0-01","rc-1.3.0-02","rc-1.4.0-01","rc-1.4.0-02","rc-1.4.0-03","rc-1.4.0-04","rc-1.4.1-01","rc-1.4.1-02","rc-1.4.1-03","rc-1.4.1-04","rc-1.4.2-01","rc-1.4.2-02","rc-1.4.2-04","rc-2.0.0-01","rc-2.0.0-03","rc-2.0.0-04","rc-2.0.0-05","rc-2.0.0-06","rc-2.0.0-07","rc-2.0.0-08","rc-2.0.0-09","rc-3.0.0-01","rc-3.0.0-02","rc-3.0.0-03","rc-3.1.0-01","rc-3.1.0-02","rc-3.16.0-01","rc-3.16.0-02","rc-3.6.0-01","stable-1.0.0","stable-1.0.1","stable-1.1.0","stable-1.2.0","stable-1.3.0","stable-1.3.1","stable-1.4.0","stable-1.4.1","stable-1.4.2","stable-1.4.3","stable-2.0.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22905.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}