CVE-2021-32741

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-32741
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-32741.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-32741
Aliases
  • GHSA-crvj-vmf7-xrvr
Published
2021-07-12T22:15:07Z
Modified
2024-06-06T13:47:51.166159Z
Severity
  • 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v21.*

v21.0.0
v21.0.1
v21.0.1RC1
v21.0.2
v21.0.2RC1
v21.0.3rc1