CVE-2021-32657
Malicious user could break user administration page
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.
Nextcloud Server es un paquete de Nextcloud que administra el almacenamiento de datos. En Nextcloud Server versiones anteriores a 10.0.11, 20.0.10 y 21.0.2, un usuario malicioso puede ser capaz de romper la página de administración de usuarios. Esto impediría a administradores administrar usuarios en la instancia de Nextcloud. La vulnerabilidad ha sido corregida en versiones 19.0.11, 20.0.10 y 21.0.2. Como solución, los administradores pueden usar la herramienta de línea de comandos OCC para administrar los usuarios de Nextcloud
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-05-12 CVE Reserved
- 2021-06-01 CVE Published
- 2023-04-18 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
URL | Tag | Source |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fx62-q47f-f665 | Third Party Advisory | |
https://hackerone.com/reports/1147611 | Third Party Advisory |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202208-17 | 2022-10-26 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Nextcloud Search vendor "Nextcloud" | Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server" | < 19.0.11 Search vendor "Nextcloud" for product "Nextcloud Server" and version " < 19.0.11" | - |
Affected
| ||||||
Nextcloud Search vendor "Nextcloud" | Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server" | >= 20.0.0 < 20.0.10 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 20.0.0 < 20.0.10" | - |
Affected
| ||||||
Nextcloud Search vendor "Nextcloud" | Nextcloud Server Search vendor "Nextcloud" for product "Nextcloud Server" | >= 21.0.0 < 21.0.2 Search vendor "Nextcloud" for product "Nextcloud Server" and version " >= 21.0.0 < 21.0.2" | - |
Affected
|