← Back to CVEs
CVE-2021-32657
MEDIUM4.3
Description
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.
CVE Details
CVSS v3.1 Score4.3
SeverityMEDIUM
CVSS VectorCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Attack VectorNETWORK
ComplexityLOW
Privileges RequiredLOW
User InteractionNONE
Published6/1/2021
Last Modified11/21/2024
Sourcenvd
Honeypot Sightings0
Affected Products
nextcloud:nextcloud_server
Weaknesses (CWE)
CWE-400
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fx62-q47f-f665(security-advisories@github.com)
https://hackerone.com/reports/1147611(security-advisories@github.com)
https://security.gentoo.org/glsa/202208-17(security-advisories@github.com)
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fx62-q47f-f665(af854a3a-2127-422b-91ae-364da2661108)
https://hackerone.com/reports/1147611(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202208-17(af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.