CVE-2021-32654 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	High
Remote	Yes
Type	Arbitrary filesystem access
Description	A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link (e.g. to add malicious data into a folder, or get read access to a "Files Drop" link).

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-2024	nextcloud	21.0.1-3	21.0.2-1	High	Fixed

References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5 https://hackerone.com/reports/1170024