CVE-2021-32766 Information

Description

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with �pload Only\ privileges. (aka \File Drop). A link share recipient is not expected to see which folders or files exist in a \File Drop\ share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected \File Drop\ link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Reference

https://hackerone.com/reports/1253475 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gcf3-3wmc-88jr https://github.com/nextcloud/text/pull/1716

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

LOW

Availability Impact

NONE

Base Score

NONE

Base Severity

5.3