ByteOS Network

CVE Vulnerability Details :

CVE-2021-32741

PUBLISHED

More Info Official Page

Assigner-GitHub_M

Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa

Published At-12 Jul, 2021 | 22:05

Updated At-03 Aug, 2024 | 23:33

▼CVE Numbering Authority (CNA)

Lack of ratelimit on public share link mount endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Affected Products

Vendor

Nextcloud GmbH

Product

security-advisories

Versions

Affected

< 19.0.13
>= 20.0.0, < 20.0.11
>= 21.0.0, < 21.0.3

Problem Types

Type	CWE ID	Description
CWE	CWE-799	CWE-799: Improper Control of Interaction Frequency

Metrics

Version	Base score	Base severity	Vector
3.1	5.3	MEDIUM	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References

Hyperlink	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr	x_refsource_CONFIRM
https://github.com/nextcloud/server/pull/26958	x_refsource_MISC
https://hackerone.com/reports/1192144	x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-crvj-vmf7-xrvr	x_refsource_CONFIRM x_transferred
https://github.com/nextcloud/server/pull/26958	x_refsource_MISC x_transferred
https://hackerone.com/reports/1192144	x_refsource_MISC x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References