Authorization bypass through user-controlled key in Nextcloud Richdocuments

#VU56361 Authorization bypass through user-controlled key in Nextcloud Richdocuments

Published: 2021-09-07

Vulnerability identifier: #VU56361

Vulnerability risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2021-37628

CWE-ID: N/A

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
Nextcloud Richdocuments
Web applications / Modules and components for CMS

Vendor: Nextcloud

Description

The vulnerability allows a remote attacker to compromise the target system.

The vulnerability exists due to the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed. A remote attacker can read arbitrary files in such a share.

Mitigation
Install updates from vendor's website.

Vulnerable software versions

Nextcloud Richdocuments: 3.8.0 - 4.2.0

External links
http://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in Nextcloud Richdocuments