CVE-2021-32680

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

History

21 Nov 2024, 06:07

Type Values Removed Values Added
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf - Third Party Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf - Third Party Advisory
References () https://github.com/nextcloud/server/pull/27024 - Patch, Third Party Advisory () https://github.com/nextcloud/server/pull/27024 - Patch, Third Party Advisory
References () https://hackerone.com/reports/1200810 - Permissions Required () https://hackerone.com/reports/1200810 - Permissions Required
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/ -
References () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/ - () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/ -
References () https://security.gentoo.org/glsa/202208-17 - Third Party Advisory () https://security.gentoo.org/glsa/202208-17 - Third Party Advisory

07 Nov 2023, 03:35

Type Values Removed Values Added
References
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/', 'name': 'FEDORA-2021-9b421b78af', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • {'url': 'https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/', 'name': 'FEDORA-2021-6f327296fe', 'tags': ['Mailing List', 'Third Party Advisory'], 'refsource': 'FEDORA'}
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/ -
  • () https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/ -

Information

Published : 2021-07-12 14:15

Updated : 2024-11-21 06:07


NVD link : CVE-2021-32680

Mitre link : CVE-2021-32680

CVE.ORG link : CVE-2021-32680


JSON object : View

Products Affected

fedoraproject

  • fedora

nextcloud

  • nextcloud_server
CWE
CWE-778

Insufficient Logging

NVD-CWE-Other