Low severity2.2NVD Advisory· Published Apr 27, 2022· Updated Jun 17, 2026
CVE-2022-24886
CVE-2022-24886
Description
Nextcloud Android app is the Android client for Nextcloud, a self-hosted productivity platform. In versions prior to 3.19.0, any application with notification permission can access contacts if Nextcloud has access to Contacts without applying for the Contacts permission itself. Version 3.19.0 contains a fix for this issue. There are currently no known workarounds.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- Range: <3.19.0
- nextcloud/security-advisoriesv5Range: < 3.19.0
Patches
Vulnerability mechanics
References
3- github.com/nextcloud/android/pull/9726nvdThird Party Advisory
- github.com/nextcloud/security-advisories/security/advisories/GHSA-5cj3-v98r-2wmqnvdThird Party Advisory
- hackerone.com/reports/1161401nvdPermissions RequiredThird Party Advisory
News mentions
0No linked articles in our index yet.