Nextcloud 权限许可和访问控制问题漏洞

🗓️ 12 Jul 2021 00:00:00Reported by China National Vulnerability Database of Information SecurityType

cnnvd

cnnvd🔗 www.cnnvd.org.cn👁 1 Views

Nextcloud pre versions 19.0.13, 20.0.11, 21.0.3 allow federated sharing to bypass permissions.

Reporter	Title	Published	Views	Family All 37
ArchLinux	[ASA-202107-22] nextcloud: multiple issues	14 Jul 202100:00	–	archlinux
CNVD	Nextcloud Permission License and Access Control Issues Vulnerabilities	15 Jul 202100:00	–	cnvd
CVE	CVE-2021-32725	12 Jul 202119:30	–	cve
Cvelist	CVE-2021-32725 Default share permissions not respected for federated reshares	12 Jul 202119:30	–	cvelist
EUVD	EUVD-2021-19507	7 Oct 202500:30	–	euvd
Tenable Nessus	GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities	16 Aug 202200:00	–	nessus
Tenable Nessus	openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1068-1)	21 Jul 202100:00	–	nessus
Nextcloud	Default share permissions not respected for federated reshares	12 Jul 202109:22	–	nextcloud
Gentoo Linux	Nextcloud: Multiple Vulnerabilities	10 Aug 202200:00	–	gentoo
NVD	CVE-2021-32725	12 Jul 202120:15	–	nvd

Source	Link
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v
github	www.github.com/nextcloud/server/pull/26946
hackerone	www.hackerone.com/reports/1178320
security	www.security.gentoo.org/glsa/202208-17
vigilance	www.vigilance.fr/vulnerability/Nextcloud-Server-ten-vulnerabilities-35949
packetstormsecurity	www.packetstormsecurity.com/files/168058/Gentoo-Linux-Security-Advisory-202208-17.html
cybersecurity-help	www.cybersecurity-help.cz/vdb/SB2021071213
nvd	www.nvd.nist.gov/vuln/detail/CVE-2021-32725

23 May 2026 00:00Current

5.6Medium risk

Vulners AI Score5.6

CVSS 25

CVSS 3.13.5 - 5.3

EPSS0.0027

federated sharing vulnerability nextcloud permission flaw default share permissions