CVE-2022-29160— Sensitive files/data exist after deletion of user account in Nextcloud Android

CVSS 2.8 · Low EPSS 0.07% · P21 Updated Apr 29, 2025

Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2022-29160

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title

Sensitive files/data exist after deletion of user account in Nextcloud Android

Source: NVD (National Vulnerability Database)

Vulnerability Description

Nextcloud Android is the Android client for Nextcloud, a self-hosted productivity platform. Prior to version 3.19.0, sensitive tokens, images, and user related details exist after deletion of a user account. This could result in misuse of the former account holder's information. Nextcloud Android version 3.19.0 contains a patch for this issue. There are no known workarounds available.

Source: NVD (National Vulnerability Database)

CVSS Information

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Source: NVD (National Vulnerability Database)

Vulnerability Type

访问控制不恰当

Source: NVD (National Vulnerability Database)

Vulnerability Title

Nextcloud 访问控制错误漏洞

Source: CNNVD (China National Vulnerability Database)

Vulnerability Description

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Android 3.19.0之前版本存在访问控制错误漏洞，该漏洞源于在删除用户帐户后存在敏感令牌、图像和用户相关详细信息后会导致滥用前帐户持有人的信息。

Source: CNNVD (China National Vulnerability Database)

CVSS Information

N/A

Source: CNNVD (China National Vulnerability Database)

Vulnerability Type

N/A

Source: CNNVD (China National Vulnerability Database)

Affected Products

Vendor	Product	Affected Versions	CPE	Subscribe
nextcloud	security-advisories	< 3.19.0	-

II. Public POCs for CVE-2022-29160

#	POC Description	Source Link	Shenlong Link

AI-Generated POCPremium

No public POC found.

III. Intelligence Information for CVE-2022-29160

请登录查看更多情报信息。

https://hackerone.com/reports/1222873x_refsource_MISC
https://github.com/nextcloud/android/pull/9644x_refsource_MISC
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xcj9-3jch-qr2rx_refsource_CONFIRM
https://nvd.nist.gov/vuln/detail/CVE-2022-29160

Same Patch Batch · nextcloud · 2022-05-20 · 4 CVEs total

CVE-2022-29159	5.0 MEDIUM	Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud D
CVE-2022-24906	3.5 LOW	Error in deleting deck cards attachment reveals the full application path in Nextcloud Dec
CVE-2022-29163	3.5 LOW	Bypass of password requirements when sharing a folder via the Circles app in Nextcloud Ser

IV. Related Vulnerabilities

Same product: security-advisories

Same vendor: nextcloud

Same weakness: CWE-284

V. Comments for CVE-2022-29160

No comments yet

Goal Reached Thanks to every supporter — we hit 100%!

CVE-2022-29160— Sensitive files/data exist after deletion of user account in Nextcloud Android

I. Basic Information for CVE-2022-29160

Vulnerability Information

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Vulnerability Title

Vulnerability Description

CVSS Information

Vulnerability Type

Affected Products

II. Public POCs for CVE-2022-29160

III. Intelligence Information for CVE-2022-29160

Same Patch Batch · nextcloud · 2022-05-20 · 4 CVEs total

IV. Related Vulnerabilities

V. Comments for CVE-2022-29160

Leave a comment