---

CVE-2021-32655 - log back

CVE-2021-32655 edited at 01 Jun 2021 20:02:04
Severity	- Unknown + Low
Remote	- Unknown + Remote
Type	- Unknown + Information disclosure
Description	+ A security issue has been found in Nextcloud Server before version 21.0.2. An attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing user. When the sharing user opens the sharing panel and tries to remove the "Create" privileges of this unexpected share, Nextcloud server would silently grant the share read privileges.
References	+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-grph-cm44-p3jv + https://hackerone.com/reports/1167929
Notes

CVE-2021-32655 created at 01 Jun 2021 19:56:59