Vulnerabilities > CVE-2022-29160 - Incomplete Cleanup vulnerability in Nextcloud
Attack vector
LOCAL Attack complexity
LOW Privileges required
LOW Confidentiality impact
LOW Integrity impact
NONE Availability impact
NONE Summary
Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://github.com/nextcloud/android/pull/9644
- https://github.com/nextcloud/android/pull/9644
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2r
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2r
- https://hackerone.com/reports/1222873
- https://hackerone.com/reports/1222873