CVE-2021-32725

Default share permissions not respected for federated reshares

CVSS 3.5 LOWEPSS 1.2%CWE-277

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N

Produtos afetados

nextcloud · security-advisories

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v https://github.com/nextcloud/server/pull/26946 https://hackerone.com/reports/1178320 https://security.gentoo.org/glsa/202208-17