CVE-2021-32734 log

Source
Severity Low
Remote Yes
Type Information disclosure
Description
In Nextcloud Server versions prior to 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
Group Package Affected Fixed Severity Status Ticket
AVG-2144 nextcloud 21.0.2-1 21.0.3-1 High Fixed
Date Advisory Group Package Severity Type
14 Jul 2021 ASA-202107-22 AVG-2144 nextcloud High multiple issues
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-c2c4-2526
https://hackerone.com/reports/1246721
https://github.com/nextcloud/text/pull/1695
https://github.com/nextcloud/text/commit/6ea959f10039b5b1a79ca5e68eb0a5926f7ae257