VDB
CVE-2021-32734
CVE-2021-32734
PUBLISHED
CVSS 3.0999999046325684 LOW
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
EPSS 0.33% · 55.9th percentile
Risk Scores
CVSS 3.1
3.0999999046325684
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N
EPSS Score
0.33%
55.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| nextcloud | security-advisories | < 19.0.13, >= 20.0.0, < 20.0.11, >= 21.0.0, < 21.0.3 |
| nextcloud | nextcloud_server | 20.0.0, 21.0.0, 0 |
Exploit Intelligence
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-c2c4-2526 (circl)
- https://github.com/nextcloud/text/pull/1695 (circl)
- https://hackerone.com/reports/1246721 (circl)
- GLSA-202208-17 (circl)
- Text app leaks file path of shared files (hackerone)
- Text app leaks file path of shared files (hackerone)
- Text app leaks file path of shared files (hackerone)
Timeline
- CVE Published
- Jul 13, 2021 EPSS Score
- Aug 11, 2021 PoC Published
- Sep 11, 2021 EPSS Score
- Nov 9, 2021 EPSS Score
- Jan 8, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Mar 9, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 7, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 4, 2022 EPSS Score