CVE-2021-32727

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32727

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32727.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32727

Aliases

GHSA-5v33-r9cm-7736

Published

2021-07-12T21:15:07.817Z

Modified

2026-05-30T21:59:57.971904Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Android Client is the Android client for Nextcloud. Clients using the Nextcloud end-to-end encryption feature download the public and private key via an API endpoint. In versions prior to 3.16.1, the Nextcloud Android client skipped a step that involved the client checking if a private key belonged to a previously downloaded public certificate. If the Nextcloud instance served a malicious public key, the data would be encrypted for this key and thus could be accessible to a malicious actor. The vulnerability is patched in version 3.16.1. As a workaround, do not add additional end-to-end encrypted devices to a user account.

References

Affected packages

Git / github.com/nextcloud/android

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/android

Events

Introduced

Fixed

5b68a3a475acd0378f91f44dd5eedd79a454b952

Database specific

{
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.16.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

0.*

0.99

1.*

1.0.0

1.4.6-easy-setup

Other

dev-20171209

dev-20171211

dev-20171212

dev-20171213

dev-20180809

dev-20180811

dev-20180821

dev-20180823

dev-20180824

dev-20180825

dev-20180829

dev-20180903

dev-20180905

dev-20180907

dev-20180908

dev-20180911

dev-20180912

dev-20180913

dev-20180914

dev-20180915

dev-20180918

dev-20180919

dev-20180920

dev-20180921

dev-20180924

dev-20180925

dev-20180926

dev-20180927

dev-20181006

dev-20181009

dev-20181013

dev-20181016

dev-20181018

dev-20181020

dev-20181023

dev-20181024

dev-20181025

dev-20181026

dev-20181027

dev-20181028

dev-20181030

dev-20181031

dev-20181101

dev-20181102

dev-20181103

dev-20181106

dev-20181107

dev-20181203

dev-20181204

dev-20181206

dev-20181207

dev-20181208

dev-20181211

dev-20181212

dev-20181214

dev-20181215

dev-20181216

dev-20181218

dev-20181222

dev-20190105

dev-20190108

dev-20190112

dev-20190113

dev-20190115

dev-20190116

dev-20190117

dev-20190118

dev-20190119

dev-20190122

dev-20190123

dev-20190126

dev-20190129

dev-20190130

dev-20190131

dev-20190201

dev-20190202

dev-20190205

dev-20190206

dev-20190207

dev-20190208

dev-20190209

dev-20190212

dev-20190213

dev-20190214

dev-20190215

dev-20190216

dev-20190219

dev-20190220

dev-20190221

dev-20190226

dev-20190227

dev-20190228

dev-20190301

dev-20190305

dev-20190306

dev-20190307

dev-20190308

dev-20190309

dev-20190310

dev-20190312

dev-20190313

dev-20190314

dev-20190316

dev-20190319

dev-20190320

dev-20190321

dev-20190323

dev-20190327

dev-20190328

dev-20190329

dev-20190402

dev-20190403

dev-20190404

dev-20190406

dev-20190408

dev-20190409

dev-20190410

dev-20190411

dev-20190412

dev-20190413

dev-20190414

dev-20190502

dev-20190513

dev-20190514

dev-20190515

dev-20190517

dev-20190518

dev-20190520

dev-20190521

dev-20190522

dev-20190523

dev-20190524

dev-20190528

dev-20190529

dev-20190530

dev-20190531

dev-20190601

dev-20190604

dev-20190605

dev-20190612

dev-20190613

dev-20190615

dev-20190619

dev-20190621

dev-20190622

dev-20190625

dev-20190627

dev-20190629

dev-20190701

dev-20190702

dev-20190703

dev-20190704

dev-20190705

dev-20190710

dev-20190711

dev-20190713

dev-20190716

dev-20190717

dev-20190720

dev-20190723

dev-20190724

dev-20190726

dev-20190727

dev-20190730

dev-20190731

dev-20190802

dev-20190803

dev-20190806

dev-20190808

dev-20190809

dev-20190810

dev-20190813

dev-20190815

dev-20190816

dev-20190817

dev-20190820

dev-20190821

dev-20190822

dev-20190823

dev-20190824

dev-20190827

dev-20190828

dev-20190829

dev-20190903

dev-20190904

dev-20190905

dev-20190906

dev-20190910

dev-20190911

dev-20190913

dev-20190914

dev-20190921

dev-20190924

dev-20190926

dev-20190928

dev-20191002

dev-20191003

dev-20191005

dev-20191008

dev-20191009

dev-20191010

dev-20191011

dev-20191012

dev-20191016

dev-20191017

dev-20191018

dev-20191019

dev-20191022

dev-20191024

dev-20191025

dev-20191026

dev-20191029

dev-20191030

dev-20191031

dev-20191101

dev-20191102

dev-20191106

dev-20191107

dev-20191108

dev-20191113

dev-20191114

dev-20191116

dev-20191119

dev-20191120

dev-20191121

dev-20191123

dev-20191127

dev-20191129

dev-20191203

dev-20191204

dev-20191205

dev-20191206

dev-20191207

dev-20191211

dev-20191213

dev-20191214

dev-20191217

dev-20191218

dev-20191219

dev-20191220

dev-20191221

dev-20200107

dev-20200108

dev-20200109

dev-20200110

dev-20200112

dev-20200115

dev-20200117

dev-20200118

dev-20200121

dev-20200122

dev-20200125

dev-20200128

dev-20200129

oc-android-1-3-13

oc-android-1-3-14

oc-android-1-3-17

oc-android-1-3-18

oc-android-1-3-19

oc-android-1-3-20

oc-android-1-4-0

oc-android-1.*

oc-android-1.4.3

oc-android-1.4.4

oc-android-1.4.5

oc-android-1.4.6

oc-android-1.5.3

oc-android-1.7.0

oc-android-1.7.0_signed

oc-android-1.7.1_signed

oc-android-1.8

rc-1.*

rc-1.1.0-01

rc-1.1.0-02

rc-1.2.0-01

rc-1.2.0-02

rc-1.3.0-01

rc-1.3.0-02

rc-1.4.0-01

rc-1.4.0-02

rc-1.4.0-03

rc-1.4.0-04

rc-1.4.1-01

rc-1.4.1-02

rc-1.4.1-03

rc-1.4.1-04

rc-1.4.2-01

rc-1.4.2-02

rc-1.4.2-04

rc-2.*

rc-2.0.0-01

rc-2.0.0-03

rc-2.0.0-04

rc-2.0.0-05

rc-2.0.0-06

rc-2.0.0-07

rc-2.0.0-08

rc-2.0.0-09

rc-3.*

rc-3.0.0-01

rc-3.0.0-02

rc-3.0.0-03

rc-3.1.0-01

rc-3.1.0-02

rc-3.16.0-01

rc-3.16.0-02

rc-3.16.1-01

rc-3.6.0-01

stable-1.*

stable-1.0.0

stable-1.0.1

stable-1.1.0

stable-1.2.0

stable-1.3.0

stable-1.3.1

stable-1.4.0

stable-1.4.1

stable-1.4.2

stable-1.4.3

stable-2.*

stable-2.0.0

stable-3.*

stable-3.16.0

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32727.json"

Git / github.com/nextcloud/desktop

Affected ranges

Type

GIT

Repo

https://github.com/nextcloud/desktop

Events

Introduced

Fixed

d78359d1bc46600d850b01b234dcd7c6e983ff43

Database specific

{
    "cpe": "cpe:2.3:a:nextcloud:nextcloud:*:*:*:*:*:android:*:*",
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.16.1"
        }
    ],
    "source": "CPE_RANGE"
}

Affected versions

v0.*

v0.0.2

v1.*

v1.1.0

v1.1.0-beta1

v1.1.2

v1.2.0

v1.2.1

v1.2.2

v1.2.3

v1.2.4

v1.2.5

v1.3.0-beta1

v1.3.0-beta2

v1.3.0-beta3

v1.4.0

v1.4.0-beta1

v1.4.0-beta2

v1.4.0-rc1

v1.5.0

v1.5.0-beta1

v1.5.0-beta1-2nd

v1.5.0-beta2

v1.5.0-beta3

v1.5.1-rc1

v1.6.0

v1.6.0-beta1

v1.6.0-beta2

v1.6.0-rc1

v1.6.0-rc2

v1.6.0-rc3

v1.8.0-beta1

v1.8.0-beta1a

v2.*

v2.5.0

v2.5.0-beta1

v2.5.0-beta2

v2.5.0-rc1

v2.5.0-rc2

v2.5.1

v2.5.2

v2.5.2-rc1

v2.5.3-rc1

v2.5.3-rc2

v2.7.0-beta1

v2.7.0-beta2

v2.7.0-beta3

v2.7.0-rc1

v3.*

v3.1.0

v3.1.0-rc1

v3.1.0-rc2

v3.16.0

v3.16.0-rc1

v3.16.0-rc2

v3.16.0-rc3

v3.16.0-rc4

v3.2.0-rc1

v3.2.0-rc2

v3.2.0-rc3

v3.3.0

v3.3.0-rc1

v3.3.0-rc2

v3.4.0-do-not-use

v3.4.0-rc1

v3.4.0-rc2

v3.5.0

v3.5.0-rc1

v3.5.0-rc2

v3.5.0-rc3

v3.5.0-rc4

v3.6.0

v3.6.0-rc1

v3.6.0-rc2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32727.json"