CVE-2021-32688 log
Source |
|
Severity | High |
Remote | Yes |
Type | Privilege escalation |
Description | Nextcloud Server supports application specific tokens for authentication purposes. These tokens are supposed to be granted to a specific applications (e.g. DAV sync clients), and can also be configured by the user to not have any filesystem access. Due to a lacking permission check, the tokens were able to change their own permissions in versions prior to 21.0.3. Thus fileystem limited tokens were able to grant themselves access to the filesystem. |
Group | Package | Affected | Fixed | Severity | Status | Ticket |
---|---|---|---|---|---|---|
AVG-2144 | nextcloud | 21.0.2-1 | 21.0.3-1 | High | Fixed |
Date | Advisory | Group | Package | Severity | Type |
---|---|---|---|---|---|
14 Jul 2021 | ASA-202107-22 | AVG-2144 | nextcloud | High | multiple issues |