Vulnerability Description
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 19.0.13 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-cThird Party Advisory
- https://github.com/nextcloud/text/pull/1695PatchThird Party Advisory
- https://hackerone.com/reports/1246721Permissions Required
- https://security.gentoo.org/glsa/202208-17Third Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-cThird Party Advisory
- https://github.com/nextcloud/text/pull/1695PatchThird Party Advisory
- https://hackerone.com/reports/1246721Permissions Required
- https://security.gentoo.org/glsa/202208-17Third Party Advisory
FAQ
What is CVE-2021-32734?
CVE-2021-32734 is a vulnerability with a CVSS score of 3.1 (LOW). Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exce...
How severe is CVE-2021-32734?
CVE-2021-32734 has been rated LOW with a CVSS base score of 3.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32734?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.