Lucene search
NextcloudGHSA-396J-VQPR-QG45HistoryJun 01, 2021 - 6:11 p.m.
Default settings leak federated cloud ID to lookup server of all users
2021-06-0118:11:10
github.com
8
0.001 Low
EPSS
Percentile
26.3%
Description
Impact
Nextcloud Server sends user IDs to the lookup server even if the user has no fields set to published.
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.11, 20.0.10 or 21.0.2.
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory:
- Create a post in nextcloud/security-advisories
- Customers: Open a support ticket at support.nextcloud.com
| CPE | Name | Operator | Version |
|---|---|---|---|
| nextcloud server | lt | 19.0.11 | |
| nextcloud server | lt | 20.0.10 | |
| nextcloud server | lt | 21.0.2 |
References
Related
prion
prion
Code injection
2021-06-01 20:15:00
osv
osv
CVE-2021-32653
2021-06-01 20:15:08
hackerone
hackerone
cvelist
cvelist
cve
cve
CVE-2021-32653
2021-06-01 20:15:00
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (May 2021)
2021-06-02 00:00:00
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00
nessus
nessus
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00