GitHub_MCVELIST:CVE-2021-32656CVE-2021-32656 Trusted servers exchange can be triggered by attacker
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
9.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.9%
Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the “Add server automatically once a federated share was created successfully” setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2 As a workaround, disable “Add server automatically once a federated share was created successfully” in the Nextcloud settings.
CNA Affected
[
{
"product": "security-advisories",
"vendor": "nextcloud",
"versions": [
{
"status": "affected",
"version": "< 19.0.11"
},
{
"status": "affected",
"version": ">= 20.0.0, < 20.0.10"
},
{
"status": "affected",
"version": ">= 21.0.0, < 21.0.2"
}
]
}
]Related
8.6 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
CHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
9.1 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
48.9%