Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Sensitive data may not be removed from storage on account removal
Vulnerability Description
Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1
CVSS Information
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N
Vulnerability Type
信息暴露
Vulnerability Title
Nextcloud Android 信息泄露漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Android 存在信息泄露漏洞,该漏洞源于由于超时问题,Android客户端可能不会正确清理帐户删除所有敏感数据。攻击者可通过该漏洞获得密钥信息,如端到端加密密钥。以下产品及型号会受到影响: Nextcloud Android App 3.16.1之前版本。
CVSS Information
N/A
Vulnerability Type
N/A