Vulnerability Details : CVE-2021-32658
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1
Vulnerability category: Information leak
Products affected by CVE-2021-32658
- cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32658
0.11%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 46 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-32658
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
2.1
|
LOW | AV:L/AC:L/Au:N/C:P/I:N/A:N |
3.9
|
2.9
|
NIST | |
4.6
|
MEDIUM | CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
0.9
|
3.6
|
NIST | |
4.7
|
MEDIUM | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N |
1.0
|
3.6
|
GitHub, Inc. |
CWE ids for CVE-2021-32658
-
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.Assigned by: security-advisories@github.com (Secondary)
-
The product stores, transfers, or shares a resource that contains sensitive information, but it does not properly remove that information before the product makes the resource available to unauthorized actors.Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-32658
-
https://hackerone.com/reports/1189168
Sign inExploit;Patch;Third Party Advisory
-
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g5gf-rmhm-wpxw
Sensitive data may not be removed from storage on account removal · Advisory · nextcloud/security-advisories · GitHubThird Party Advisory
-
https://github.com/nextcloud/android/commit/355f3c745b464b741b20a3b96597303490c26333
check e2e keys · nextcloud/android@355f3c7 · GitHubPatch;Third Party Advisory
Jump to