CVE-2021-32734Information Exposure via Error Message in Security-advisories

CWE-209Information Exposure via Error Message2 documents2 sources
Severity
5.3MEDIUMNVD
CNA3.1
EPSS
0.3%
top 44.38%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedJul 12

Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/nextcloud_server20.0.020.0.11+2
CVEListV5nextcloud/security-advisories< 19.0.13+2

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
File path disclosure of shared files in Nextcloud Text application2021-07-12
CVE-2021-32734 — Information Exposure via Error Message | cvebase