Nextcloud · Nextcloud Android App · CVE-2022-24886
**Name of the Vulnerable Software and Affected Versions**
Nextcloud Android app versions prior to 3.19.0
**Description**
The issue allows any application with notification permission to access contacts if Nextcloud has access to Contacts, without the application needing to apply for the Contacts permission itself. There are currently no known workarounds for this issue.
**Recommendations**
For versions prior to 3.19.0, update to version 3.19.0 to resolve the issue.