CVE-2021-32705

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*

History

11 Aug 2022, 01:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-17 -
CWE CWE-307 CWE-799

20 Sep 2021, 12:31

Type Values Removed Values Added
References
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/ - Mailing List, Third Party Advisory
  • (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/ - Mailing List, Third Party Advisory
CPE cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

14 Jul 2021, 18:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CPE cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
CWE CWE-307
References (MISC) https://hackerone.com/reports/1192159 - (MISC) https://hackerone.com/reports/1192159 - Permissions Required
References (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54 - (CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54 - Third Party Advisory
References (MISC) https://github.com/nextcloud/server/pull/27610 - (MISC) https://github.com/nextcloud/server/pull/27610 - Patch, Third Party Advisory

12 Jul 2021, 16:19

Type Values Removed Values Added
New CVE

Information

Published : 2021-07-12 16:15

Updated : 2022-08-11 01:15


NVD link : CVE-2021-32705

Mitre link : CVE-2021-32705


JSON object : View

Products Affected

nextcloud

  • nextcloud_server

fedoraproject

  • fedora
CWE
CWE-799

Improper Control of Interaction Frequency