CVE-2021-32680 — Insufficient Logging in Security-advisories

CWE-778 — Insufficient Logging2 documents2 sources

Severity

3.3LOWNVD

EPSS

0.2%

top 57.87%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Security-advisories Nextcloud Server Fedoraproject Fedora

Timeline

PublishedJul 12

Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:NExploitability: 1.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server20.0.0 — 20.0.11+2

▶CVEListV5nextcloud/security-advisories< 19.0.13+2

Also affects: Fedora 33, 34

Patches

Patch: github.com ↗Patch: github.com ↗

🔴Vulnerability Details

CVEList

Audit log is not properly logging unsetting of share expiration date↗2021-07-12

▶