Vulnerability Details : CVE-2021-32656

Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a federated share was created successfully" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2 As a workaround, disable "Add server automatically once a federated share was created successfully" in the Nextcloud settings.
Vulnerability category: BypassGain privilege
Published 2021-06-01 22:15:08
Updated 2022-10-25 15:47:12
Source GitHub, Inc.
View at NVD,   CVE.org

Exploit prediction scoring system (EPSS) score for CVE-2021-32656

Probability of exploitation activity in the next 30 days: 0.11%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 44 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2021-32656

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Source
5.0
 MEDIUM AV:N/AC:L/Au:N/C:P/I:N/A:N
10.0
2.9
 nvd@nist.gov
8.6
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3.9
4.0
 nvd@nist.gov
8.6
 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
3.9
4.0
 security-advisories@github.com

CWE ids for CVE-2021-32656

  • The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.
    Assigned by: security-advisories@github.com (Primary)

References for CVE-2021-32656

Products affected by CVE-2021-32656

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!
Accept Close