CVE-2021-32725

Sažetak

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v
https://github.com/nextcloud/server/pull/26946
https://hackerone.com/reports/1178320
https://security.gentoo.org/glsa/202208-17

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

26-10-2022 - 15:20

Objavljeno

12-07-2021 - 20:15