Vulnerability Details : CVE-2021-32726
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, WebAuthn tokens were not deleted after a user had been deleted. If a victim reused a previously used username, the previous user could gain access to their account. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
Vulnerability category: Bypass, Gain privilege
Products affected by CVE-2021-32726
- cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-32726
- EPSS score: 0.33% (probability of exploitation activity in the next 30 days)
- EPSS percentile: ~71% (the proportion of vulnerabilities scored at or below this value)
CVSS scores for CVE-2021-32726
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 3.9 | 5.9 | NIST | |
7.1 | HIGH | CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H | 1.2 | 5.9 | GitHub, Inc. | |
CWE ids for CVE-2021-32726
- When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct. (Assigned by: nvd@nist.gov, Secondary)
- The product assigns an owner to a resource, but the owner is outside of the intended control sphere. (Assigned by: security-advisories@github.com, Primary)
References for CVE-2021-32726
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg (Webauthn tokens not removed after user has been deleted, Advisory, nextcloud/security-advisories, GitHub; Third Party Advisory)
- https://hackerone.com/reports/1202590 (HackerOne report; sign-in and permissions required)
- https://security.gentoo.org/glsa/202208-17 (Nextcloud: Multiple Vulnerabilities, GLSA 202208-17, Gentoo security; Third Party Advisory)
- https://github.com/nextcloud/server/pull/27532 (Properly cleanup entries of WebAuthn on user deletion by MorrisJobke, Pull Request #27532, nextcloud/server, GitHub; Third Party Advisory)