CVE-2021-22912

EPSS 1.4%CWE-200

Vexday Risk Score

3Low

SSVC decision (CISA)

Track

No exploitation signal → monitor

CVSS —EPSS 1.4%KEV nãoPoC —Nuclei —Metasploit —Patch —

Lifecycle

11 Jun 2021Published on NVD

Recommendation: Monitor — no exploitation signal at the moment.

Nextcloud iOS before 3.4.2 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only on the local Nextcloud server unless a global search has been explicitly chosen by the user.

Affected products

n/a · Nextcloud iOS app (it.twsweb.Nextcloud)

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m7w4-cvjr-76mh https://hackerone.com/reports/1167919