CVE-2021-32654

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.

CVSS v3 9.1 CRITICAL
CVSS v2.0 6.4 MEDIUM

9.1^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.2

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact NONE

Scope UNCHANGED

6.4^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References

Link	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5	Third Party Advisory
https://hackerone.com/reports/1170024	Permissions Required Third Party Advisory
https://security.gentoo.org/glsa/202208-17	Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:nextcloud:nextcloud_server::::::::
	cpe:2.3:a:nextcloud:nextcloud_server::::::::

History

No history.

Information

Published : 2021-06-01 21:15

Updated : 2024-02-28 18:28

NVD link : CVE-2021-32654

Mitre link : CVE-2021-32654

CVE.ORG link : CVE-2021-32654

JSON object : View

Products Affected

nextcloud

nextcloud_server

CWE

CWE-639

Authorization Bypass Through User-Controlled Key

{"id": "CVE-2021-32654", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.4, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:N", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 4.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.2, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.1, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 2.2}]}, "published": "2021-06-01T21:15:07.680", "references": [{"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/1170024", "tags": ["Permissions Required", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://security.gentoo.org/glsa/202208-17", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-639"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing."}, {"lang": "es", "value": "Nextcloud Server es un paquete de Nextcloud que maneja el almacenamiento de datos. En versiones anteriores a 19.0.11, 20.0.10 y 21.0.2, un atacante puede recibir privilegios de escritura y lectura en cualquier recurso compartido de archivo federado. Dado que los enlaces p\u00fablicos pueden ser agregados como archivos compartidos federados, esto tambi\u00e9n puede ser explotado en cualquier enlace p\u00fablico. Los usuarios pueden actualizar a versiones parcheadas (19.0.11, 20.0.10 o 21.0.2) o, como soluci\u00f3n alternativa, deshabilitar el uso compartido de archivos federados"}], "lastModified": "2022-10-26T14:09:39.250", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "90D08DF1-6127-40C6-834D-CEF965C1F55D", "versionEndExcluding": "19.0.11"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5EA550E2-F2F1-4AB8-A713-6EEB5E420CB5", "versionEndExcluding": "20.0.10", "versionStartIncluding": "20.0.0"}, {"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "945C1E54-23CC-4AEF-9E0E-07CDA425C91D", "versionEndExcluding": "21.0.2", "versionStartIncluding": "21.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}