PT-2022-11922 · Nextcloud · Nextcloud Android App

Nickvergessen · Published 2022-01-25 · Updated 2022-01-31 · CVE-2021-43863

CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Android app versions prior to 3.18.1

Description

The Nextcloud Android app has security issues in its content providers, FileContentProvider and DiskLruImageCacheFileProvider, which include an SQL injection and insufficient permission control. These issues allow malicious apps on the same device to access Nextcloud's data by bypassing the permission control system.

Recommendations

For versions prior to 3.18.1, upgrade to version 3.18.1 to receive a patch. As a temporary workaround, consider restricting access to the FileContentProvider and DiskLruImageCacheFileProvider providers until a patch is available.

Fix

SQL injection

Weakness Enumeration

Related Identifiers

CVE-2021-43863
GHSA-VJP2-F63V-W479

Affected Products

Nextcloud Android App