Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-32734

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.

Published

2021-07-12T22:15:07.897

Last Modified

2024-11-21T06:07:37.803

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 3.1 (LOW)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: PARTIAL
  • Integrity Impact: NONE
  • Availability Impact: NONE
Exploitability Score

10.0

Impact Score

2.9

Weaknesses
  • Type: Secondary
    CWE-209
  • Type: Primary
    CWE-209
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application nextcloud nextcloud_server < 19.0.13 Yes
Application nextcloud nextcloud_server < 20.0.11 Yes
Application nextcloud nextcloud_server < 21.0.3 Yes
References