← Volver a CVEs
CVE-2021-37629
MEDIUM5.3
Descripcion
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.
Detalles CVE
Puntuacion CVSS v3.15.3
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioNONE
Publicado9/7/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
nextcloud:richdocuments
Debilidades (CWE)
CWE-200CWE-770
Referencias
https://github.com/nextcloud/richdocuments/pull/1663(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-h36p-8mjx(security-advisories@github.com)
https://hackerone.com/reports/1258750(security-advisories@github.com)
https://github.com/nextcloud/richdocuments/pull/1663(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-h36p-8mjx(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1258750(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.