Vulnerability Description
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Richdocuments | < 3.8.4 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/richdocuments/pull/1663Third Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-hThird Party Advisory
- https://hackerone.com/reports/1258750Permissions RequiredThird Party Advisory
- https://github.com/nextcloud/richdocuments/pull/1663Third Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-hThird Party Advisory
- https://hackerone.com/reports/1258750Permissions RequiredThird Party Advisory
FAQ
What is CVE-2021-37629?
CVE-2021-37629 is a vulnerability with a CVSS score of 5.3 (MEDIUM). Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enum...
How severe is CVE-2021-37629?
CVE-2021-37629 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37629?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Richdocuments.