Nextcloud Information Disclosure Vulnerability (CNVD-2021-70109)

An information disclosure vulnerability exists in Nextcloud Richdocuments, an open source self-hosted file synchronization and sharing communication application platform from Nextcloud Germany, which stems from the fact that in the affected version, the Richdocuments OCS endpoint is not rate-limited. This could allow an attacker to enumerate potentially valid sharing tokens. It is recommended that the Nextcloud Richdocuments application be upgraded to 3.8.4 or 4.2.1 to resolve. For users who are unable to upgrade, it is recommended to disable the Richdocuments application. No detailed vulnerability details are currently available.