Vulnerability Description
Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approval by the Circle owner leaking private information. It is recommended that Nextcloud Circles is upgraded to 0.19.15, 0.20.11 or 0.21.4. There are no workarounds for this issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Circles | < 0.19.5 |
Related Weaknesses (CWE)
References
- https://github.com/nextcloud/circles/pull/768PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56j9-3Third Party Advisory
- https://hackerone.com/reports/1257624Permissions RequiredThird Party Advisory
- https://github.com/nextcloud/circles/pull/768PatchThird Party Advisory
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56j9-3Third Party Advisory
- https://hackerone.com/reports/1257624Permissions RequiredThird Party Advisory
FAQ
What is CVE-2021-37630?
CVE-2021-37630 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Nextcloud Circles is an open source social network built for the nextcloud ecosystem. In affected versions the Nextcloud Circles application allowed any user to join any "Secret Circle" without approv...
How severe is CVE-2021-37630?
CVE-2021-37630 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2021-37630?
Check the references section above for vendor advisories and patch information. Affected products include: Nextcloud Circles.