Nextcloud Server Multiple Vulnerabilities (Jul 2021)
Information
Severity
Family
CVSSv2 Base
CVSSv2 Vector
Solution Type
Created
Modified
Summary
Nextcloud Server is prone to multiple vulnerabilities.
Insight
The following vulnerabilities exist:
- CVE-2021-32678: Ratelimit not applied on OCS API responses
- CVE-2021-32679: Filenames not escaped by default in controllers using DownloadResponse
- CVE-2021-32680: Audit log is not properly logging unsetting of share expiration date
- CVE-2021-32688: Application specific tokens can change their own scope
- CVE-2021-32703: Lack of ratelimit on shareinfo endpoint
- CVE-2021-32705: Lack of ratelimit on public DAV endpoint
- CVE-2021-32725: Default share permissions not respected for federated reshares
- CVE-2021-32726: Webauthn tokens not removed after user has been deleted
- CVE-2021-32733: XSS in Nextcloud Text application
- CVE-2021-32734: File path disclosure of shared files in Nextcloud Text application
- CVE-2021-32741: Lack of ratelimit on public share link mount endpoint
Affected Software
Nextcloud server 19.0.12 and prior, 20.0.x through 20.0.10 and 21.0.x through 21.0.2.
Detection Method
Checks if a vulnerable version is present on the target host.
Solution
Update to version 19.0.13, 20.0.11, 21.0.3 or later.
Common Vulnerabilities and Exposures (CVE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/G