CVE-2021-39223

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/nextcloud/richdocuments/pull/1760	Patch Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rjcc-4cgj-6v93	Third Party Advisory
https://hackerone.com/reports/1253460	Permissions Required Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nextcloud:richdocuments::::::::
	cpe:2.3:a:nextcloud:richdocuments::::::::

History

No history.

Information

Published : 2021-10-25 22:15

Updated : 2024-02-28 18:48

NVD link : CVE-2021-39223

Mitre link : CVE-2021-39223

CVE.ORG link : CVE-2021-39223

JSON object : View

Products Affected

nextcloud

richdocuments

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-39223", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.2}]}, "published": "2021-10-25T22:15:07.507", "references": [{"url": "https://github.com/nextcloud/richdocuments/pull/1760", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rjcc-4cgj-6v93", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://hackerone.com/reports/1253460", "tags": ["Permissions Required", "Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings."}, {"lang": "es", "value": "Nextcloud es una plataforma de productividad de c\u00f3digo abierto y auto-alojada. La aplicaci\u00f3n Nextcloud Richdocuments versiones anteriores a 3.8.6 y 4.2.3, devolv\u00eda mensajes de excepci\u00f3n literales al usuario. Esto podr\u00eda resultar en una revelaci\u00f3n de la ruta completa en los archivos compartidos. (por ejemplo, un atacante podr\u00eda ver que el archivo \"shared.txt\" se encuentra dentro de \"files/$username/Myfolder/Mysubfolder/shared.txt\"). Es recomendado actualizar la aplicaci\u00f3n Richdocuments a la versi\u00f3n 3.8.6 o 4.2.3. Como soluci\u00f3n, deshabilite la aplicaci\u00f3n Richdocuments en la configuraci\u00f3n de la aplicaci\u00f3n"}], "lastModified": "2021-10-29T14:43:56.177", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42C1FB8C-425E-464B-9302-7E6272BDCC1F", "versionEndExcluding": "3.8.6"}, {"criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2FB67AD1-8C13-4246-8E8D-3EE7855BA65D", "versionEndExcluding": "4.2.3", "versionStartIncluding": "4.0.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}