{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T09:12:31.985","vulnerabilities":[{"cve":{"id":"CVE-2021-22905","sourceIdentifier":"support@hackerone.com","published":"2021-06-11T16:15:11.597","lastModified":"2024-11-21T05:50:53.157","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Android App (com.nextcloud.client) before v3.16.0 is vulnerable to information disclosure due to searches for sharees being performed by default on the lookup server instead of only using the local Nextcloud server unless a global search has been explicitly chosen by the user."},{"lang":"es","value":"Nextcloud Android App (com.nextcloud.client) versiones anteriores a v3.16.0, es vulnerable a una divulgación de información debido a que las búsquedas de compartidos se llevó a cabo por defecto en el servidor de búsqueda en lugar de usar únicamente el servidor local de Nextcloud, a menos que una búsqueda global haya sido elegida explícitamente  por el usuario"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N","baseScore":6.5,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.8,"impactScore":3.6}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:N/A:N","baseScore":4.3,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":true}]},"weaknesses":[{"source":"support@hackerone.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-200"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*","versionEndExcluding":"3.16.0","matchCriteriaId":"BEDB50B2-9F6D-44E3-A9B9-606FE151C08A"}]}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj","source":"support@hackerone.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1167916","source":"support@hackerone.com","tags":["Exploit","Issue Tracking","Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-22v9-q3r6-x7cj","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1167916","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Exploit","Issue Tracking","Third Party Advisory"]}]}}]}