Security
Headlines
HeadlinesLatestCVEs

Headline

CVE-2021-32658: Sensitive data may not be removed from storage on account removal

Nextcloud Android is the Android client for the Nextcloud open source home cloud system. Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys. It is recommended that the Nextcloud Android App is upgraded to 3.16.1

CVE
#android#perl

Impact

Due to a timeout issue the Android client may not properly clean all sensitive data on account removal. This could include sensitive key material such as the End-to-End encryption keys.

Patches

It is recommended that the Nextcloud Android App is upgraded to 3.16.1.

Workarounds

None.

References

  • HackerOne

For more information

If you have any questions or comments about this advisory:

  • Create a post in nextcloud/security-advisories
  • Customers: Open a support ticket at support.nextcloud.com

CVE: Latest News

CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda
CVE-2023-6905
CVE-2023-6903
CVE-2023-6904
CVE-2023-3907