CVE-2021-32741

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2021-32741

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32741.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2021-32741

Related

GHSA-crvj-vmf7-xrvr
openSUSE-SU-2021:1068-1

Published

2021-07-12T22:15:07Z

Modified

2025-01-14T09:23:01.950602Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

8985b7930653139859002eb3eca2852999ed8f0d

Fixed

5d04a3fed226c370feca686032f47d5422b02bb2

Affected versions

v21.*

v21.0.0

v21.0.1

v21.0.1RC1

v21.0.2

v21.0.2RC1

v21.0.3rc1