CVE-2021-32734

Sažetak

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-c2c4-2526
https://github.com/nextcloud/text/pull/1695
https://hackerone.com/reports/1246721
https://security.gentoo.org/glsa/202208-17

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	NONE	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:N/A:N

Zadnje važnije ažuriranje

26-10-2022 - 15:20

Objavljeno

12-07-2021 - 22:15