Vulnerability Description
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | < 20.0.12 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8Third Party Advisory
- https://github.com/nextcloud/server/pull/28078PatchThird Party Advisory
- https://hackerone.com/reports/1271052Permissions RequiredThird Party Advisory
- https://security.gentoo.org/glsa/202208-17Third Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gv5w-8Third Party Advisory
- https://github.com/nextcloud/server/pull/28078PatchThird Party Advisory
- https://hackerone.com/reports/1271052Permissions RequiredThird Party Advisory
- https://security.gentoo.org/glsa/202208-17Third Party Advisory
FAQ
What is CVE-2021-32800?
CVE-2021-32800 is a vulnerability with a CVSS score of 8.1 (HIGH). Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a ...
How severe is CVE-2021-32800?
CVE-2021-32800 has been rated HIGH with a CVSS base score of 8.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-32800?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Nextcloud Server.