CVE-2021-32657 Information

Jun 07, 2022 cve

Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11 20.0.10 and 21.0.2 a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11 20.0.10 and 21.0.2. As a workaround administrators can use the OCC command line tool to administrate the Nextcloud users.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

Reference

https://hackerone.com/reports/1147611 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fx62-q47f-f665

Attack Complexity

LOW

Privileges Required

LOW

User Interaction Required

LOW

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

NONE

Availability Impact

NONE

Base Score

LOW

Base Severity

4.3

Share on: