Description
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.
References (3)
Core 3
Core References
Issue Tracking, Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2r
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://github.com/nextcloud/android/pull/9644
Exploit, Issue Tracking, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1222873
Scores
CVSS v3
2.8
EPSS
0.0036
EPSS Percentile
27.9%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
poc
Automatable
no
Technical Impact
partial
Details
CWE
CWE-284
CWE-459
Status
published
Products (1)
nextcloud/nextcloud
< 3.19.0
Published
May 20, 2022
Tracked Since
Feb 18, 2026