VDB

CVE-2021-32801

CVE-2021-32801 PUBLISHED CVSS 5.5 MEDIUM

Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.

EPSS 0.06% · 19.7th percentile

Risk Scores

CVSS 3.1
5.5
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
EPSS Score
0.06%
19.7th percentile

Affected Products

VendorProductVersions
nextcloudsecurity-advisories< 20.0.12, >= 22.0.0, < 22.1.0, *
nextcloudnextcloud_server0, 21.0.0, 22.0.0

Exploit Intelligence

Timeline

  • Sep 6, 2021 CVE Published
  • Sep 8, 2021 EPSS Score
  • Nov 5, 2021 EPSS Score
  • Jan 1, 2022 EPSS Score
  • Jan 6, 2022 EPSS Score
  • Feb 28, 2022 EPSS Score
  • Apr 1, 2022 EPSS Score
  • Apr 27, 2022 EPSS Score
  • Jun 24, 2022 EPSS Score
  • Aug 21, 2022 EPSS Score
  • Oct 18, 2022 EPSS Score
  • Dec 15, 2022 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›