CVE-2021-32658

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 08-06-2021 09:15

Last modified: - 25-10-2022 05:47

Total changes: - 3

Description

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Low

Attack complexity

Physical

Attack vector

None

Availability

High

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

4.6

Base score

0.9

3.6

Exploitability score

Impact score

Verification logic

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g5gf-rmhm-wpxw
https://hackerone.com/reports/1189168
https://github.com/nextcloud/android/commit/355f3c745b464b741b20a3b96597303490c26333

Keywords

CVE-2021-32658

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2021-32658

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures