CVE-2021-32734
Last modified
CVE-2021-32734 is a medium-severity vulnerability rated 5.3/10 on the CVSS scale. Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. EPSS estimates a 1.38% chance of exploitation in the next 30 days.
Description
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 19.0.13 |
| Nextcloud | Nextcloud Server | >= 20.0.0, < 20.0.11 |
| Nextcloud | Nextcloud Server | >= 21.0.0, < 21.0.3 |
References
- https://github.com/nextcloud/text/pull/1695Patch, Third Party Advisory
- https://hackerone.com/reports/1246721Permissions Required
- https://security.gentoo.org/glsa/202208-17Third Party Advisory
- https://github.com/nextcloud/text/pull/1695Patch, Third Party Advisory
- https://hackerone.com/reports/1246721Permissions Required
- https://security.gentoo.org/glsa/202208-17Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-32734?
How severe is CVE-2021-32734?
How do I fix CVE-2021-32734?
Are you affected by CVE-2021-32734?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST