CVE-2021-32800

Sažetak

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.

Reference

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8q25-785v
https://hackerone.com/reports/1271052
https://github.com/nextcloud/server/pull/28078
https://security.gentoo.org/glsa/202208-17

CVSS

Base:	6.4
Impact:	4.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	NONE

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:N

Zadnje važnije ažuriranje

27-09-2022 - 14:18

Objavljeno

07-09-2021 - 22:15