CVE-2021-32656Improper Access Control in Security-advisories

CWE-284Improper Access Control2 documents2 sources
Severity
8.6HIGHNVD
EPSS
0.4%
top 38.20%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedJun 1

Description

Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the "Add server automatically once a fed

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:NExploitability: 3.9 | Impact: 4.0

Affected Packages2 packages

NVDnextcloud/nextcloud_server20.0.020.0.10+2
CVEListV5nextcloud/security-advisories< 19.0.11+2

🔴Vulnerability Details

1
CVEList
Trusted servers exchange can be triggered by attacker2021-06-01
CVE-2021-32656 — Improper Access Control | cvebase