Headline
CVE-2022-29160
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user-related details remain after a user account is deleted. This could result in misuse of the former account holder’s information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.
Sensitive files/data exist after deletion of user account
Affected versions
< 3.19.0
Description
Impact
The information could be misused, as sensitive tokens, images, and user-related details remain despite the user account being deleted.
Patches
It is recommended that the Nextcloud Android app is upgraded to 3.19.0.
Workarounds
No workaround available
References
- PullRequest
- HackerOne
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at support.nextcloud.com