CVE-2021-41241

CVE-2021-41241 PUBLISHED CVSS 4.3 MEDIUM

Nextcloud Server is a self-hosted system designed to provide cloud-style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting "advanced permissions" on subfolders; for example, a user could be granted access to the groupfolder but not to specific subfolders. Due to a missing permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that Nextcloud Server be upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the "groupfolders" application in the admin settings.

EPSS 0.23% · 46.3rd percentile

Risk Scores

CVSS 3.1: 4.3 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N)
EPSS Score: 0.23% (46.3rd percentile)

Affected Products

Vendor      Product               Versions
nextcloud   security-advisories   < 20.0.14, >= 21.0.0, < 21.0.6, *
nextcloud   nextcloud_server      21.0.0, 22.2.0, 0

Timeline

  • Mar 8, 2022 CVE Published
  • Mar 9, 2022 EPSS Score
  • Apr 29, 2022 EPSS Score
  • Jun 20, 2022 EPSS Score
  • Aug 11, 2022 EPSS Score
  • Oct 2, 2022 EPSS Score
  • Nov 22, 2022 EPSS Score
  • Jan 13, 2023 EPSS Score
  • Mar 5, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 26, 2023 EPSS Score
  • Jun 16, 2023 EPSS Score