cnvd - cnvd-2021-70109

cnvd-2021-70109

Vulnerability from cnvd

Title: Nextcloud信息泄露漏洞（CNVD-2021-70109）

Description:

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。

Nextcloud Richdocuments存在信息泄露漏洞，该漏洞源于在受影响的版本中，Richdocuments OCS端点没有速率限制。这可能允许攻击者可利用该漏洞枚举潜在的有效共享令牌。建议将Nextcloud Richdocuments应用升级到3.8.4或4.2.1来解决。对于无法升级的用户，建议禁用Richdocuments应用程序。目前没有详细的漏洞细节提供。

Severity: 高

Patch Name: Nextcloud信息泄露漏洞（CNVD-2021-70109）的补丁

Patch Description:

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。

Formal description:

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w

Reference: https://nvd.nist.gov/vuln/detail/CVE-2021-37628

Impacted products

Name
Nextcloud Nextcloud

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-37628"
    }
  },
  "description": "Nextcloud\u662f\u5fb7\u56fdNextcloud\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002\n\nNextcloud Richdocuments\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u53d7\u5f71\u54cd\u7684\u7248\u672c\u4e2d\uff0cRichdocuments OCS\u7aef\u70b9\u6ca1\u6709\u901f\u7387\u9650\u5236\u3002\u8fd9\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u679a\u4e3e\u6f5c\u5728\u7684\u6709\u6548\u5171\u4eab\u4ee4\u724c\u3002\u5efa\u8bae\u5c06Nextcloud Richdocuments\u5e94\u7528\u5347\u7ea7\u52303.8.4\u62164.2.1\u6765\u89e3\u51b3\u3002\u5bf9\u4e8e\u65e0\u6cd5\u5347\u7ea7\u7684\u7528\u6237\uff0c\u5efa\u8bae\u7981\u7528Richdocuments\u5e94\u7528\u7a0b\u5e8f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-70109",
  "openTime": "2021-09-10",
  "patchDescription": "Nextcloud\u662f\u5fb7\u56fdNextcloud\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002\r\n\r\nNextcloud Richdocuments\u5b58\u5728\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u53d7\u5f71\u54cd\u7684\u7248\u672c\u4e2d\uff0cRichdocuments OCS\u7aef\u70b9\u6ca1\u6709\u901f\u7387\u9650\u5236\u3002\u8fd9\u53ef\u80fd\u5141\u8bb8\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u679a\u4e3e\u6f5c\u5728\u7684\u6709\u6548\u5171\u4eab\u4ee4\u724c\u3002\u5efa\u8bae\u5c06Nextcloud Richdocuments\u5e94\u7528\u5347\u7ea7\u52303.8.4\u62164.2.1\u6765\u89e3\u51b3\u3002\u5bf9\u4e8e\u65e0\u6cd5\u5347\u7ea7\u7684\u7528\u6237\uff0c\u5efa\u8bae\u7981\u7528Richdocuments\u5e94\u7528\u7a0b\u5e8f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Nextcloud\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-70109\uff09\u7684\u8865\u4e01",
  "products": {
    "product": "Nextcloud Nextcloud"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2021-37628",
  "serverity": "\u9ad8",
  "submitTime": "2021-09-09",
  "title": "Nextcloud\u4fe1\u606f\u6cc4\u9732\u6f0f\u6d1e\uff08CNVD-2021-70109\uff09"
}

CVE-2021-37628 (GCVE-0-2021-37628)

Vulnerability from cvelistv5

Published

2021-09-07 20:15

Modified

2024-08-04 01:23

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE

CWE-639 - Authorization Bypass Through User-Controlled Key

Summary

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.

References

▼	URL	Tags
	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w	x_refsource_CONFIRM
	https://github.com/nextcloud/richdocuments/pull/1664	x_refsource_MISC
	https://hackerone.com/reports/1253403	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 3.8.4 Version: >= 4.0.0, < 4.2.1

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-04T01:23:01.253Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/richdocuments/pull/1664"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1253403"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 3.8.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.2.1"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (\"Upload Only\" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-639",
              "description": "CWE-639: Authorization Bypass Through User-Controlled Key",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-07T20:15:11",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/nextcloud/richdocuments/pull/1664"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1253403"
        }
      ],
      "source": {
        "advisory": "GHSA-pxhh-954f-8w7w",
        "discovery": "UNKNOWN"
      },
      "title": "File Drop can be bypassed using Richdocuments app in nextcloud",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-37628",
          "STATE": "PUBLIC",
          "TITLE": "File Drop can be bypassed using Richdocuments app in nextcloud"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "security-advisories",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 3.8.4"
                          },
                          {
                            "version_value": "\u003e= 4.0.0, \u003c 4.2.1"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "nextcloud"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features (\"Upload Only\" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "NONE",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-639: Authorization Bypass Through User-Controlled Key"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w",
              "refsource": "CONFIRM",
              "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w"
            },
            {
              "name": "https://github.com/nextcloud/richdocuments/pull/1664",
              "refsource": "MISC",
              "url": "https://github.com/nextcloud/richdocuments/pull/1664"
            },
            {
              "name": "https://hackerone.com/reports/1253403",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1253403"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-pxhh-954f-8w7w",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-37628",
    "datePublished": "2021-09-07T20:15:11",
    "dateReserved": "2021-07-29T00:00:00",
    "dateUpdated": "2024-08-04T01:23:01.253Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted