CVE-2021-32725Insecure Inherited Permissions in Security-advisories

CWE-277Insecure Inherited PermissionsCWE-276Incorrect Default Permissions2 documents2 sources
Severity
5.3MEDIUMNVD
CNA3.5
EPSS
0.3%
top 49.49%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedJul 12

Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server20.0.020.0.11+2
CVEListV5nextcloud/security-advisories< 19.0.13+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
Default share permissions not respected for federated reshares2021-07-12
CVE-2021-32725 — Insecure Inherited Permissions | cvebase