CVE-2021-41239
published 2022-03-08CVE-2021-41239: Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user…
PriorityP426medium5.3CVSS 3.1
AVNACLPRNUINSUCLINAN
EPSS
1.09%
61.2th percentile
Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | < 20.0.14 | 20.0.14 |
| nextcloud | nextcloud_server | — | — |
| nextcloud | nextcloud_server | >= 21.0.0 < 21.0.6 | 21.0.6 |
| nextcloud | security-advisories | < 20.0.14 | 20.0.14 |
| nextcloud | security-advisories | — | — |
| nextcloud | security-advisories | — | — |
CVSS provenance
nvdv3.15.3MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No advisories linked to this vulnerability.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g722-cm3h-8wrxhttps://github.com/nextcloud/server/issues/27122https://github.com/nextcloud/server/pull/29260https://security.gentoo.org/glsa/202208-17https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g722-cm3h-8wrxhttps://github.com/nextcloud/server/issues/27122https://github.com/nextcloud/server/pull/29260https://security.gentoo.org/glsa/202208-17
2022-03-08
Published