---

CVE-2021-32654 - log back

CVE-2021-32654 edited at 01 Jun 2021 20:11:10
References	https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5 + https://hackerone.com/reports/1170024

CVE-2021-32654 edited at 01 Jun 2021 20:00:41
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary filesystem access
Description	+ A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link (e.g. to add malicious data into a folder, or get read access to a "Files Drop" link).
References	+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5
Notes

CVE-2021-32654 created at 01 Jun 2021 19:56:59