CVE-2021-37628

Source
https://cve.org/CVERecord?id=CVE-2021-37628
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37628.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-37628
Related
  • GHSA-pxhh-954f-8w7w
Published
2021-09-07T21:15:08.730Z
Modified
2026-04-10T04:35:58.018818Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.

References

Affected packages

Git / github.com/nextcloud/richdocuments

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/richdocuments
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
Fixed
Database specific
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "3.8.4"
        },
        {
            "introduced": "4.0.0"
        },
        {
            "fixed": "4.2.1"
        }
    ]
}

Affected versions

1.*
1.1.22
1.1.23
1.1.24
1.1.25
1.1.26
1.12.27
1.12.28
1.12.29
1.12.30
1.12.31
1.12.32
1.12.33
1.12.34
1.12.35
1.12.36
1.12.37
1.12.38
1.12.39
1.12.40
2.*
2.0.0
2.0.1
2.0.10
2.0.2
2.0.3
2.0.4
2.0.5
2.0.6
2.0.7
2.0.8
2.0.9
3.*
3.4.0-beta1
Other
untagged-4ba473c037918af19928
v3.*
v3.0.0-beta1
v3.0.0-beta2
v3.0.0-beta3
v3.0.1
v3.0.2
v3.0.3
v3.0.4
v3.0.5
v3.0.6
v3.1.0
v3.1.1
v3.2.1
v3.2.2
v3.2.3
v3.2.4
v3.3.0
v3.3.1
v3.3.10
v3.3.11
v3.3.12
v3.3.13
v3.3.15
v3.3.2
v3.3.3
v3.3.4
v3.3.5
v3.3.6
v3.3.7
v3.3.8
v3.3.9
v3.4.0
v3.4.0-beta1
v3.4.1
v3.4.2
v3.4.3
v3.4.4
v3.4.5
v3.4.6
v3.5.0
v3.5.1
v3.5.2
v3.6.0
v3.7.0
v3.7.0-beta1
v3.7.0-beta2
v3.7.0-beta3
v3.7.1
v3.7.10
v3.7.11
v3.7.12
v3.7.13
v3.7.14
v3.7.15
v3.7.16
v3.7.17
v3.7.18
v3.7.19
v3.7.2
v3.7.3
v3.7.4
v3.7.5
v3.7.6
v3.7.7
v3.7.8
v3.7.9
v3.8.0
v3.8.1
v3.8.2
v3.8.3
v4.*
v4.0.0
v4.0.1
v4.0.2
v4.0.3
v4.0.4
v4.1.0
v4.1.1
v4.1.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-37628.json"