CVE-2021-37629Sensitive Information Exposure in Security-advisories

CWE-200Sensitive Information ExposureCWE-770Allocation of Resources Without Limits or Throttling2 documents2 sources
Severity
5.3MEDIUMNVD
EPSS
0.4%
top 40.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud Security-advisoriesNextcloud Richdocuments
Timeline
PublishedSep 7

Description

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

NVDnextcloud/richdocuments4.0.04.2.1+1
CVEListV5nextcloud/security-advisories< 3.8.4+1

🔴Vulnerability Details

1
CVEList
Lack of ratelimit on Richdocuments OCS endpoint in nextcloud2021-09-07
CVE-2021-37629 — Sensitive Information Exposure | cvebase