CVE-2021-32734 - log back

CVE-2021-32734 edited at 13 Jul 2021 10:36:34
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
CVE-2021-32734 edited at 13 Jul 2021 10:36:18
Type
- Unknown
+ Information disclosure
Description
+ In Nextcloud Server versions prior to 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-c2c4-2526
+ https://hackerone.com/reports/1246721
+ https://github.com/nextcloud/text/pull/1695
+ https://github.com/nextcloud/text/commit/6ea959f10039b5b1a79ca5e68eb0a5926f7ae257
Notes
CVE-2021-32734 created at 13 Jul 2021 10:25:17