Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.
Published 2021-06-01 21:15:08
Updated 2022-10-26 14:09:39
Source GitHub, Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-32654

Probability of exploitation activity in the next 30 days: 0.14%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 48 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-32654

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
6.4
MEDIUM AV:N/AC:L/Au:N/C:P/I:P/A:N
10.0
4.9
nvd@nist.gov
9.1
CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
3.9
5.2
nvd@nist.gov
8.1
HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
2.2
5.9
security-advisories@github.com

CWE ids for CVE-2021-32654

  • The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
    Assigned by: security-advisories@github.com (Primary)

References for CVE-2021-32654

Products affected by CVE-2021-32654

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!