CVE-2021-32734: File path disclosure of shared files in Nextcloud Text application
First published: Mon Jul 12 2021(Updated: )
Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | <19.0.13 | |
| Nextcloud Nextcloud Server | >=20.0.0<20.0.11 | |
| Nextcloud Nextcloud Server | >=21.0.0<21.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- collector/nvd-index
- agent/references
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/title
- agent/last-modified-date
- agent/tags
- agent/remedy
- agent/author
- agent/weakness
- agent/description
- agent/first-publish-date
- agent/event
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/20.0.0
- version/nextcloud nextcloud server/21.0.0