Multiple vulnerabilities in Nextcloud Server
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 7 |
| CVE-ID | CVE-2021-32733 CVE-2021-32703 CVE-2021-32725 CVE-2021-32734 CVE-2021-32726 CVE-2021-32741 CVE-2021-32705 |
| CWE-ID | CWE-79 CWE-799 CWE-264 CWE-200 CWE-708 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software Subscribe |
Nextcloud Server Client/Desktop applications / Messaging software |
| Vendor | Nextcloud |
Security Bulletin
This security bulletin contains information about 7 vulnerabilities.
1) Cross-site scripting
EUVDB-ID: #VU54665
Risk: Low
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32733
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in the Text application. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-x4w3-jhcr-57pq/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Improper control of interaction frequency
EUVDB-ID: #VU54673
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32703
CWE-ID:
CWE-799 - Improper Control of Interaction Frequency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to a lack of ratelimiting on the shareinfo endpoint. A remote attacker can enumerate potentially valid share tokens.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-375p-cxxq-gc9p/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU54671
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32725
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to default share permissions are not respected for federated reshares of files and folders, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Information disclosure
EUVDB-ID: #VU54670
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32734
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the Nextcloud Text application shipped with Nextcloud server did return verbatim exception messages to the user. A remote attacker can gain unauthorized access to sensitive information on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-c2c4-2526/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Incorrect Ownership Assignment
EUVDB-ID: #VU54669
Risk: Medium
CVSSv3.1: 6.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32726
CWE-ID:
CWE-708 - Incorrect Ownership Assignment
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to the Webauthn tokens are not deleted after a user has been deleted. If a victim reuse an earlier used username, the previous user can gain access to their account.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Improper control of interaction frequency
EUVDB-ID: #VU54668
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32741
CWE-ID:
CWE-799 - Improper Control of Interaction Frequency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to a lack of ratelimiting on the public share link mount endpoint. A remote attacker can enumerate potentially valid share tokens.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Improper control of interaction frequency
EUVDB-ID: #VU54667
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-32705
CWE-ID:
CWE-799 - Improper Control of Interaction Frequency
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information on the target system.
The vulnerability exists due to a lack of ratelimiting on the public DAV endpoint. A remote attacker can enumerate potentially valid share tokens or credentials.
MitigationInstall updates from vendor's website.
Vulnerable software versionsNextcloud Server: 19.0.0 - 21.0.2
External linkshttp://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
