← volver
CVE-2021-32725

Default share permissions not respected for federated reshares

CVSS 3.5 LOWEPSS 1.2%CWE-277
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N
Productos afectados
nextcloud · security-advisories

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →
Referencias
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4vhttps://github.com/nextcloud/server/pull/26946https://hackerone.com/reports/1178320https://security.gentoo.org/glsa/202208-17