Security Advisory

CVE-2021-43863

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2022-01-25 15:25:11
Last updated 2025-04-23 19:09:19
Assigner GitHub_M
State PUBLISHED

Description

The Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. The Nextcloud Android app uses content providers to manage its data. Prior to version 3.18.1, the providers `FileContentProvider` and `DiskLruImageCacheFileProvider` have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextclouds data bypassing the permission control system. Users should upgrade to version 3.18.1 to receive a patch. There are no known workarounds aside from upgrading.