VDB

CVE-2021-32680

CVE-2021-32680 PUBLISHED CVSS 3.299999952316284 LOW

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

EPSS 0.20% · 42.0th percentile

Risk Scores

CVSS 3.1
3.299999952316284
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.20%
42.0th percentile

Affected Products

VendorProductVersions
fedoraprojectfedora34, 33
nextcloudnextcloud_server21.0.0, 0, 20.0.0
nextcloudsecurity-advisories>= 21.0.0, < 21.0.3, >= 20.0.0, < 20.0.11, < 19.0.13

Timeline

  • CVE Published
  • Jul 13, 2021 EPSS Score
  • Jul 15, 2021 PoC Published
  • Sep 11, 2021 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Jan 8, 2022 EPSS Score
  • Feb 4, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • May 7, 2022 EPSS Score
  • Jul 6, 2022 EPSS Score
  • Nov 4, 2022 EPSS Score
  • Jan 2, 2023 EPSS Score
Open in Interactive Console →
$ Console Community · 100/wk Open console ›