Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
CVE Vulnerability Details :
CVE-2021-32800
PUBLISHED
More InfoOfficial Page
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
View Known Exploited Vulnerability (KEV) details
Published At-07 Sep, 2021 | 21:35
Updated At-03 Aug, 2024 | 23:33
Rejected At-
▼CVE Numbering Authority (CNA)
Bypass of Two Factor Authentication in Nextcloud server

Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.

Affected Products
Vendor
Nextcloud GmbHnextcloud
Product
security-advisories
Versions
Affected
  • < 20.0.12
  • >= 21.0.0, < 21.0.4
  • >= 22.0.0, < 22.1.0
Problem Types
TypeCWE IDDescription
CWECWE-306CWE-306: Missing Authentication for Critical Function
Type: CWE
CWE ID: CWE-306
Description: CWE-306: Missing Authentication for Critical Function
Metrics
VersionBase scoreBase severityVector
3.18.1HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Version: 3.1
Base score: 8.1
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8q25-785v
x_refsource_CONFIRM
https://github.com/nextcloud/server/pull/28078
x_refsource_MISC
https://hackerone.com/reports/1271052
x_refsource_MISC
https://security.gentoo.org/glsa/202208-17
vendor-advisory
x_refsource_GENTOO
Hyperlink: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8q25-785v
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/nextcloud/server/pull/28078
Resource:
x_refsource_MISC
Hyperlink: https://hackerone.com/reports/1271052
Resource:
x_refsource_MISC
Hyperlink: https://security.gentoo.org/glsa/202208-17
Resource:
vendor-advisory
x_refsource_GENTOO
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8q25-785v
x_refsource_CONFIRM
x_transferred
https://github.com/nextcloud/server/pull/28078
x_refsource_MISC
x_transferred
https://hackerone.com/reports/1271052
x_refsource_MISC
x_transferred
https://security.gentoo.org/glsa/202208-17
vendor-advisory
x_refsource_GENTOO
x_transferred
Hyperlink: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8q25-785v
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/nextcloud/server/pull/28078
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://hackerone.com/reports/1271052
Resource:
x_refsource_MISC
x_transferred
Hyperlink: https://security.gentoo.org/glsa/202208-17
Resource:
vendor-advisory
x_refsource_GENTOO
x_transferred
Details not found