{"id":"CVE-2021-22912","details":"Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.","modified":"2026-04-10T04:30:14.968714Z","published":"2021-06-11T16:15:11.753Z","related":["GHSA-m7w4-cvjr-76mh"],"references":[{"type":"ADVISORY","url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m7w4-cvjr-76mh"},{"type":"REPORT","url":"https://hackerone.com/reports/1167919"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nextcloud/android","events":[{"introduced":"0"},{"fixed":"d98909c0d5c4a9495b583a4d32a8bb473fff209d"}],"database_specific":{"versions":[{"introduced":"0"},{"fixed":"3.4.2"}]}}],"versions":["0.99","1.0.0","1.4.6-easy-setup","dev-20171209","dev-20171211","dev-20171212","dev-20171213","dev-20180809","dev-20180811","dev-20180821","dev-20180823","dev-20180824","dev-20180825","dev-20180829","dev-20180903","dev-20180905","dev-20180907","dev-20180908","dev-20180911","dev-20180912","dev-20180913","dev-20180914","dev-20180915","dev-20180918","dev-20180919","dev-20180920","dev-20180921","dev-20180924","dev-20180925","dev-20180926","dev-20180927","dev-20181006","dev-20181009","dev-20181013","dev-20181016","dev-20181018","dev-20181020","dev-20181023","dev-20181024","dev-20181025","dev-20181026","dev-20181027","dev-20181028","dev-20181030","dev-20181031","dev-20181101","dev-20181102","dev-20181103","dev-20181106","dev-20181107","oc-android-1-3-13","oc-android-1-3-14","oc-android-1-3-17","oc-android-1-3-18","oc-android-1-3-19","oc-android-1-3-20","oc-android-1-4-0","oc-android-1.4.3","oc-android-1.4.4","oc-android-1.4.5","oc-android-1.4.6","oc-android-1.5.3","oc-android-1.7.0","oc-android-1.7.0_signed","oc-android-1.7.1_signed","oc-android-1.8","rc-1.1.0-01","rc-1.1.0-02","rc-1.2.0-01","rc-1.2.0-02","rc-1.3.0-01","rc-1.3.0-02","rc-1.4.0-01","rc-1.4.0-02","rc-1.4.0-03","rc-1.4.0-04","rc-1.4.1-01","rc-1.4.1-02","rc-1.4.1-03","rc-1.4.1-04","rc-1.4.2-01","rc-1.4.2-02","rc-1.4.2-04","rc-2.0.0-01","rc-2.0.0-03","rc-2.0.0-04","rc-2.0.0-05","rc-2.0.0-06","rc-2.0.0-07","rc-2.0.0-08","rc-2.0.0-09","rc-3.0.0-01","rc-3.0.0-02","rc-3.0.0-03","rc-3.1.0-01","rc-3.1.0-02","rc-3.4.0-01","rc-3.4.0-02","rc-3.4.0-03","rc-3.4.1-02","rc-3.4.2-01","rc-3.4.2-02","stable-1.0.0","stable-1.0.1","stable-1.1.0","stable-1.2.0","stable-1.3.0","stable-1.3.1","stable-1.4.0","stable-1.4.1","stable-1.4.2","stable-1.4.3","stable-2.0.0","stable-3.4.0","stable-3.4.1"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-22912.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}