CVE-2021-32705 - log

CVE-2021-32705 edited at 13 Jul 2021 10:28:40
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Information disclosure
Description
+ In Nextcloud Server versions prior to 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fjv7-283f-5m54
+ https://hackerone.com/reports/1192159
+ https://github.com/nextcloud/server/pull/27610
+ https://github.com/nextcloud/server/commit/117e466e2051095bb6e9d863faf5f42a347e60a0
+ https://github.com/nextcloud/server/commit/ddcb70bd81e99f8bd469019f923bd335b59b04c1
Notes
CVE-2021-32705 created at 13 Jul 2021 10:25:17