CVE-2021-32734

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32734

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32734.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32734

Related

GHSA-6hf5-c2c4-2526
openSUSE-SU-2021:1068-1

Published

2021-07-12T22:15:07Z

Modified

2025-01-14T09:23:05.266098Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

8985b7930653139859002eb3eca2852999ed8f0d

Fixed

5d04a3fed226c370feca686032f47d5422b02bb2

Affected versions

v21.*

v21.0.0

v21.0.1

v21.0.1RC1

v21.0.2

v21.0.2RC1

v21.0.3rc1