Published: 01/06/2021 Updated: 26/10/2022

CVSS v2 Base Score: 3.5 | Impact Score: 2.9 | Exploitability Score: 6.8

CVSS v3 Base Score: 3.5 | Impact Score: 1.4 | Exploitability Score: 2.1

VMScore: 312

Vector: AV:N/AC:M/Au:S/C:P/I:N/A:N

Nextcloud Server is a Nextcloud package that handles data storage. In versions before 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges. The vulnerability is patched in versions 19.0.11, 20.0.10 and 21.0.2. No workarounds are known to exist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
nextcloud nextcloud server

A security issue has been found in Nextcloud Server before version 2102 An attacker is able to convert a Files Drop link to a federated share This causes an issue on the UI side of the sharing user When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently ...

NVD-CWE-Other https://hackerone.com/reports/1167929 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-grph-cm44-p3jv https://security.gentoo.org/glsa/202208-17 https://nvd.nist.gov https://security.archlinux.org/CVE-2021-32655

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2021-32655

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect