PT-2022-11375 · Nextcloud+1 · Nextcloud Text+2
Nickvergessen · Published 2022-03-10 · Updated 2022-09-27
CVE-2021-41233
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions prior to 20.0.14
Nextcloud Server versions prior to 21.0.6
Nextcloud Server versions prior to 22.2.1
Description
The Nextcloud Text application, which is shipped with Nextcloud Server by default, has an issue that allows an attacker who knows the sharing link to access the folder names of a "File Drop".
Recommendations
For versions prior to 20.0.14, upgrade to 20.0.14 or later.
For versions prior to 21.0.6, upgrade to 21.0.6 or later.
For versions prior to 22.2.1, upgrade to 22.2.1 or later.
As a temporary workaround for users unable to upgrade, consider disabling the Nextcloud Text application in the application settings.
Fix
Missing Authorization
Incorrect Authorization
Related Identifiers
Affected Products
Alt Linux
Nextcloud Server
Nextcloud Text