VDB
CVE-2021-32726
CVE-2021-32726
PUBLISHED
CVSS 7.099999904632568 HIGH
De multiples vulnérabilités ont été découvertes dans Nextcloud Server. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un contournement de la politique de sécurité et une atteinte à l'intégrité des données.
EPSS 0.55% · 68.4th percentile
Risk Scores
CVSS 3.1
7.099999904632568
CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:H
EPSS Score
0.55%
68.4th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | N/A | |
| nextcloud | security-advisories | < 19.0.13, >= 20.0.0, < 20.0.11, >= 21.0.0, < 21.0.3 |
| nextcloud | nextcloud_server | 21.0.0, 0, 20.0.0 |
Exploit Intelligence
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6qr9-c846-j8mg (circl)
- https://github.com/nextcloud/server/pull/27532 (circl)
- https://hackerone.com/reports/1202590 (circl)
- GLSA-202208-17 (circl)
- Webauthn tokens are not removed on user deletion (hackerone)
- Webauthn tokens are not removed on user deletion (hackerone)
- Webauthn tokens are not removed on user deletion (hackerone)
Timeline
- CVE Published
- Jul 13, 2021 EPSS Score
- Aug 7, 2021 PoC Published
- Sep 11, 2021 EPSS Score
- Nov 9, 2021 EPSS Score
- Jan 8, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 7, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 4, 2022 EPSS Score