CVE-2021-32725 log

Source
Severity Low
Remote Yes
Type Access restriction bypass
Description
In Nextcloud Server versions prior to 21.0.3, default share permissions were not being respected for federated reshares of files and folders.
Group Package Affected Fixed Severity Status Ticket
AVG-2144 nextcloud 21.0.2-1 21.0.3-1 High Fixed
Date Advisory Group Package Severity Type
14 Jul 2021 ASA-202107-22 AVG-2144 nextcloud High multiple issues
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6f6v-h9x9-jj4v
https://hackerone.com/reports/1178320
https://github.com/nextcloud/server/pull/26946
https://github.com/nextcloud/server/commit/7ca8fd43a6fdbebd1c931ae09a94ab072ef6773e