CVE-2021-22877
published 2021-03-03

Priority: P3 | 36 | medium | 6.5 (CVSS 3.1)
Vector: AV:N / AC:L / PR:H / UI:N / S:U / C:H / I:H / A:N
EPSS: 1.69% (74.1th percentile)

A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user's own credentials for other users' external storage configuration when it is not already configured.

Affected

3 ranges

| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| fedoraproject | fedora | | |
| nextcloud | nextcloud_server | < 20.0.6 | 20.0.6 |
| nextcloud | nextcloud_server | | |

CVSS provenance

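| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 6.5 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N |
| nvd | v2.0 | 5.5 | MEDIUM | AV:N/AC:L/Au:S/C:P/I:P/A:N |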