cnvd - cnvd-2022-18420

cnvd-2022-18420

Vulnerability from cnvd

Title: Nextcloud代码执行漏洞

Description:

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。

Nextcloud存在代码执行漏洞，该漏洞源于Nextcloud支持为用户提供的文件内容呈现图像预览，攻击者可利用该漏洞通过存在缺陷的第三方库执行任意代码。

Severity: 高

Patch Name: Nextcloud代码执行漏洞的补丁

Patch Description:

Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。

Nextcloud存在代码执行漏洞，该漏洞源于Nextcloud支持为用户提供的文件内容呈现图像预览，攻击者可利用该漏洞通过存在缺陷的第三方库执行任意代码。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description:

厂商已发布了漏洞修复程序，请及时关注更新： https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7

Reference: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7

Impacted products

Name
['Nextcloud Nextcloud <20.0.12', 'Nextcloud Nextcloud <21.0.4', 'Nextcloud Nextcloud <22.1.0']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-32802",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-32802"
    }
  },
  "description": "Nextcloud\u662f\u5fb7\u56fdNextcloud\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002\n\nNextcloud\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eNextcloud\u652f\u6301\u4e3a\u7528\u6237\u63d0\u4f9b\u7684\u6587\u4ef6\u5185\u5bb9\u5448\u73b0\u56fe\u50cf\u9884\u89c8\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5b58\u5728\u7f3a\u9677\u7684\u7b2c\u4e09\u65b9\u5e93\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2022-18420",
  "openTime": "2022-03-11",
  "patchDescription": "Nextcloud\u662f\u5fb7\u56fdNextcloud\u516c\u53f8\u7684\u4e00\u5957\u5f00\u6e90\u7684\u81ea\u6258\u7ba1\u6587\u4ef6\u540c\u6b65\u548c\u5171\u4eab\u7684\u901a\u4fe1\u5e94\u7528\u5e73\u53f0\u3002\r\n\r\nNextcloud\u5b58\u5728\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eNextcloud\u652f\u6301\u4e3a\u7528\u6237\u63d0\u4f9b\u7684\u6587\u4ef6\u5185\u5bb9\u5448\u73b0\u56fe\u50cf\u9884\u89c8\uff0c\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u901a\u8fc7\u5b58\u5728\u7f3a\u9677\u7684\u7b2c\u4e09\u65b9\u5e93\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Nextcloud\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": [
      "Nextcloud Nextcloud \u003c20.0.12",
      "Nextcloud Nextcloud \u003c21.0.4",
      "Nextcloud Nextcloud \u003c22.1.0"
    ]
  },
  "referenceLink": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7",
  "serverity": "\u9ad8",
  "submitTime": "2021-09-09",
  "title": "Nextcloud\u4ee3\u7801\u6267\u884c\u6f0f\u6d1e"
}

CVE-2021-32802 (GCVE-0-2021-32802)

Vulnerability from cvelistv5

Published

2021-09-07 21:45

Modified

2024-08-03 23:33

Severity ?

9.3 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L

CWE

CWE-829 - Inclusion of Functionality from Untrusted Control Sphere

Summary

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`.

References

▼	URL	Tags
	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7	x_refsource_CONFIRM
	https://hackerone.com/reports/1261413	x_refsource_MISC
	https://docs.nextcloud.com/server/21/admin_manual/configuration_files/previews_configuration.html#disabling-previews	x_refsource_MISC
	https://security.gentoo.org/glsa/202208-17	vendor-advisory, x_refsource_GENTOO

Impacted products

	Vendor	Product	Version
	nextcloud	security-advisories	Version: < 20.0.12 Version: >= 21.0.0, < 21.0.4 Version: >= 22.0.0, < 22.1.0

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T23:33:55.927Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://hackerone.com/reports/1261413"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://docs.nextcloud.com/server/21/admin_manual/configuration_files/previews_configuration.html#disabling-previews"
          },
          {
            "name": "GLSA-202208-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202208-17"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "security-advisories",
          "vendor": "nextcloud",
          "versions": [
            {
              "status": "affected",
              "version": "\u003c 20.0.12"
            },
            {
              "status": "affected",
              "version": "\u003e= 21.0.0, \u003c 21.0.4"
            },
            {
              "status": "affected",
              "version": "\u003e= 22.0.0, \u003c 22.1.0"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn\u0027t suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-829",
              "description": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-08-11T00:10:42",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://hackerone.com/reports/1261413"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://docs.nextcloud.com/server/21/admin_manual/configuration_files/previews_configuration.html#disabling-previews"
        },
        {
          "name": "GLSA-202208-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202208-17"
        }
      ],
      "source": {
        "advisory": "GHSA-m682-v4g9-wrq7",
        "discovery": "UNKNOWN"
      },
      "title": "Preview generation used third-party library not suited for user-generated content in Nextcloud server",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-32802",
          "STATE": "PUBLIC",
          "TITLE": "Preview generation used third-party library not suited for user-generated content in Nextcloud server"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "security-advisories",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "\u003c 20.0.12"
                          },
                          {
                            "version_value": "\u003e= 21.0.0, \u003c 21.0.4"
                          },
                          {
                            "version_value": "\u003e= 22.0.0, \u003c 22.1.0"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "nextcloud"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn\u0027t suited for untrusted user-supplied content. There are several security concerns with passing user-generated content to this library, such as Server-Side-Request-Forgery, file disclosure or potentially executing code on the system. The risk depends on your system configuration and the installed library version. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. These versions do not use this library anymore. As a workaround users may disable previews by setting `enable_previews` to `false` in `config.php`."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 9.3,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "CHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:L",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-829: Inclusion of Functionality from Untrusted Control Sphere"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7",
              "refsource": "CONFIRM",
              "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m682-v4g9-wrq7"
            },
            {
              "name": "https://hackerone.com/reports/1261413",
              "refsource": "MISC",
              "url": "https://hackerone.com/reports/1261413"
            },
            {
              "name": "https://docs.nextcloud.com/server/21/admin_manual/configuration_files/previews_configuration.html#disabling-previews",
              "refsource": "MISC",
              "url": "https://docs.nextcloud.com/server/21/admin_manual/configuration_files/previews_configuration.html#disabling-previews"
            },
            {
              "name": "GLSA-202208-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202208-17"
            }
          ]
        },
        "source": {
          "advisory": "GHSA-m682-v4g9-wrq7",
          "discovery": "UNKNOWN"
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2021-32802",
    "datePublished": "2021-09-07T21:45:11",
    "dateReserved": "2021-05-12T00:00:00",
    "dateUpdated": "2024-08-03T23:33:55.927Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted