CVE-2021-32801Log File Information Exposure in Security-advisories

CWE-532Log File Information Exposure2 documents2 sources
Severity
5.5MEDIUMNVD
EPSS
0.1%
top 80.67%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Server
Timeline
PublishedSep 7

Description

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages2 packages

NVDnextcloud/nextcloud_server21.0.021.0.4+2
CVEListV5nextcloud/security-advisories< 20.0.12+2

🔴Vulnerability Details

1
CVEList
Exceptions may have logged Encryption-at-Rest key content in Nextcloud server2021-09-07
CVE-2021-32801 — Log File Information Exposure | cvebase