CVE-2021-39224

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings.

CVSS v3 5.3 MEDIUM
CVSS v2.0 5.0 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact LOW

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://github.com/nextcloud/officeonline/pull/204	Patch Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:nextcloud:officeonline:*:*:*:*:*:*:*:*

History

29 Oct 2021, 14:48

Type	Values Removed	Values Added
References	~~(CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h -~~	(CONFIRM) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h - Third Party Advisory
References	~~(MISC) https://github.com/nextcloud/officeonline/pull/204 -~~	(MISC) https://github.com/nextcloud/officeonline/pull/204 - Patch, Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 5.0 v3 : 5.3
CWE	~~CWE-200~~	NVD-CWE-noinfo
CPE		cpe:2.3:a:nextcloud:officeonline::::::::

25 Oct 2021, 22:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-10-25 22:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-39224

Mitre link : CVE-2021-39224

CVE.ORG link : CVE-2021-39224

JSON object : View

Products Affected

nextcloud

officeonline

CWE

NVD-CWE-noinfo CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2021-39224", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 3.5, "attackVector": "NETWORK", "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "LOW"}, "impactScore": 1.4, "exploitabilityScore": 2.1}]}, "published": "2021-10-25T22:15:07.577", "references": [{"url": "https://github.com/nextcloud/officeonline/pull/204", "tags": ["Patch", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-200"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings."}, {"lang": "es", "value": "Nextcloud es una plataforma de productividad de c\u00f3digo abierto y auto-alojada. La aplicaci\u00f3n Nextcloud OfficeOnline versiones anteriores a 1.1.1, devolv\u00eda mensajes de excepci\u00f3n literales al usuario. Esto podr\u00eda resultar en una revelaci\u00f3n de la ruta completa en los archivos compartidos. (por ejemplo, un atacante podr\u00eda ver que el archivo \"shared.txt\" se encuentra dentro de \"/files/$username/Myfolder/Mysubfolder/shared.txt\"). Es recomendado actualizar la aplicaci\u00f3n OfficeOnline a la versi\u00f3n 1.1.1. Como soluci\u00f3n, se puede deshabilitar la aplicaci\u00f3n OfficeOnline en la configuraci\u00f3n de la aplicaci\u00f3n"}], "lastModified": "2021-10-29T14:48:38.833", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:officeonline:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "61C2D596-4CBB-4888-B948-278F3D502F2B", "versionEndExcluding": "1.1.1"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}