Note: Our advisories are available at https://github.com/nextcloud/security-advisories/security/advisories and we will copy the advisory there later.
Impact
The Nextcloud Android app uses content providers to manage its data. The providers FileContentProvider and DiskLruImageCacheFileProvider have security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system.
Patches
It is recommended that the Nextcloud Android App is upgraded to 3.18.1 or later.
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory:
Note: Our advisories are available at https://github.com/nextcloud/security-advisories/security/advisories and we will copy the advisory there later.
Impact
The Nextcloud Android app uses content providers to manage its data. The providers
FileContentProviderandDiskLruImageCacheFileProviderhave security issues (an SQL injection, and an insufficient permission control, respectively) that allow malicious apps in the same device to access Nextcloud's data bypassing the permission control system.Patches
It is recommended that the Nextcloud Android App is upgraded to 3.18.1 or later.
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory: