CVE-2021-32741

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr - Third Party Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr - Third Party Advisory
References () https://github.com/nextcloud/server/pull/26958 - Patch, Third Party Advisory () https://github.com/nextcloud/server/pull/26958 - Patch, Third Party Advisory
References () https://hackerone.com/reports/1192144 - Permissions Required () https://hackerone.com/reports/1192144 - Permissions Required

14 Jul 2021, 15:06

Type Values Removed Values Added
CPE cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
CWE NVD-CWE-Other
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 5.3
References (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr - (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr - Third Party Advisory
References (MISC) https://github.com/nextcloud/server/pull/26958 - (MISC) https://github.com/nextcloud/server/pull/26958 - Patch, Third Party Advisory
References (MISC) https://hackerone.com/reports/1192144 - (MISC) https://hackerone.com/reports/1192144 - Permissions Required

12 Jul 2021, 22:15

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-12 22:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32741

Mitre link : CVE-2021-32741

CVE.ORG link : CVE-2021-32741


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-799

Improper Control of Interaction Frequency

NVD-CWE-Other