PT-2021-19940 · Nextcloud+2 · Nextcloud Server+2

Lukas Reschke · Published 2021-09-07 · Updated 2022-09-27 · CVE-2021-32801

CVSS v3.1: 5.5 (Medium)
Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Server versions prior to 20.0.12
Nextcloud Server versions prior to 21.0.4
Nextcloud Server versions prior to 22.1.0

Description

Nextcloud Server, an open-source, self-hosted personal cloud, has an issue where logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality.

Recommendations

For Nextcloud Server versions prior to 20.0.12, upgrade to 20.0.12 to resolve the issue.
For Nextcloud Server versions prior to 21.0.4, upgrade to 21.0.4 to resolve the issue.
For Nextcloud Server versions prior to 22.1.0, upgrade to 22.1.0 to resolve the issue.
If upgrading is not an option, disable system logging to resolve this issue until an upgrade can be performed.

Fix

Insertion into Log File

Weakness Enumeration

Related Identifiers

ALT-PU-2021-3108
ALT-PU-2021-3224
CVE-2021-32801
GHSA-MCPF-V65V-359H
OPENSUSE-SU-2021:1250-1
OPENSUSE-SU-2021:1252-1
OPENSUSE-SU-2021:1253-1
OPENSUSE-SU-2021:1255-1
OPENSUSE-SU-2021:1275-1
OPENSUSE-SU-2021_1253-1

Affected Products

Alt Linux
Nextcloud Server
Suse