VDB
CVE-2021-32680
PUBLISHED
CVSS 3.3 LOW
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, the Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.
EPSS 0.20% · 42.0th percentile
Risk Scores
CVSS 3.1
3.3
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS Score
0.20%
42.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| fedoraproject | fedora | 34, 33 |
| nextcloud | nextcloud_server | 21.0.0, 0, 20.0.0 |
| nextcloud | security-advisories | >= 21.0.0, < 21.0.3, >= 20.0.0, < 20.0.11, < 19.0.13 |
Exploit Intelligence
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf (circl)
- https://github.com/nextcloud/server/pull/27024 (circl)
- https://hackerone.com/reports/1200810 (circl)
- FEDORA-2021-9b421b78af (circl)
- FEDORA-2021-6f327296fe (circl)
- GLSA-202208-17 (circl)
- Admin audit is not properly logging unsetting of expiration date (hackerone)
Timeline
- CVE Published
- Jul 13, 2021 EPSS Score
- Jul 15, 2021 PoC Published
- Sep 11, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Jan 8, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 7, 2022 EPSS Score
- Jul 6, 2022 EPSS Score
- Nov 4, 2022 EPSS Score
- Jan 2, 2023 EPSS Score
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf url
- https://github.com/nextcloud/server/pull/27024 url
- https://hackerone.com/reports/1200810 url
- FEDORA-2021-9b421b78af vendor-advisory
- FEDORA-2021-6f327296fe vendor-advisory
- GLSA-202208-17 vendor-advisory