QwikSec

Security Database

CVE

CWE

Training

CVE-2021-32680

Published: Jul 12, 2021

Modified: Aug 3, 2024

PUBLISHED

CVSS v3.1

3.3

LOW

Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

Vendor	Product	Versions
nextcloud	security-advisories	affected `< 19.0.13` affected `>= 20.0.0, < 20.0.11` affected `>= 21.0.0, < 21.0.3`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

Attack Vector

Local

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

Low

Availability

None

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf

x_refsource_CONFIRM

https://github.com/nextcloud/server/pull/27024

x_refsource_MISC

https://hackerone.com/reports/1200810

x_refsource_MISC

FEDORA-2021-9b421b78af

vendor-advisory

x_refsource_FEDORA

FEDORA-2021-6f327296fe

vendor-advisory

x_refsource_FEDORA

vendor-advisory

x_refsource_GENTOO

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.