CVE-2021-22905

{"id": "CVE-2021-22905", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 4.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2021-06-11T16:15:11.597", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj", "tags": ["Third Party Advisory"], "source": "support@hackerone.com"}, {"url": "https://hackerone.com/reports/1167916", "tags": ["Exploit", "Issue Tracking", "Third Party Advisory"], "source": "support@hackerone.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-200"}]}, {"type": "Secondary", "source": "support@hackerone.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user."}, {"lang": "es", "value": "Nextcloud Android App (com.nextcloud.client) versiones anteriores a v3.16.0, es vulnerable a una divulgaci\u00f3n de informaci\u00f3n debido a que las b\u00fasquedas de compartidos se llev\u00f3 a cabo por defecto en el servidor de b\u00fasqueda en lugar de usar \u00fanicamente el servidor local de Nextcloud, a menos que una b\u00fasqueda global haya sido elegida expl\u00edcitamente por el usuario"}], "lastModified": "2021-06-22T19:21:40.370", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*", "vulnerable": true, "matchCriteriaId": "BEDB50B2-9F6D-44E3-A9B9-606FE151C08A", "versionEndExcluding": "3.16.0"}], "operator": "OR"}]}], "sourceIdentifier": "support@hackerone.com"}