Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v | Third Party Advisory |
https://github.com/nextcloud/server/pull/26946 | Patch Third Party Advisory |
https://hackerone.com/reports/1178320 | Permissions Required |
https://security.gentoo.org/glsa/202208-17 | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
History
26 Oct 2022, 15:20
Type | Values Removed | Values Added |
---|---|---|
References | (GENTOO) https://security.gentoo.org/glsa/202208-17 - Third Party Advisory |
11 Aug 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-277 |
14 Jul 2021, 17:01
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:* | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 5.3 |
CWE | CWE-276 | |
References | (MISC) https://hackerone.com/reports/1178320 - Permissions Required | |
References | (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v - Third Party Advisory | |
References | (MISC) https://github.com/nextcloud/server/pull/26946 - Patch, Third Party Advisory |
12 Jul 2021, 21:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2021-07-12 20:15
Updated : 2024-02-04 21:47
NVD link : CVE-2021-32725
Mitre link : CVE-2021-32725
CVE.ORG link : CVE-2021-32725
JSON object : View
Products Affected
nextcloud
- nextcloud_server