
CVE-2021-32748

WOPI API not protected by credentials/IP check

  • Severity Score: 4.3 (CVSS v3.1)
  • Exploit Likelihood (EPSS): -
  • Affected Versions (CPE): -
  • Public Exploits: 0 (multiple sources)
  • Exploited in Wild (KEV): -
  • Decision (SSVC): -

Descriptions

Nextcloud Richdocuments is an open source self-hosted online office. Nextcloud uses the WOPI ("Web Application Open Platform Interface") protocol to communicate with the Collabora editor; the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user does not already have access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin setting for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to the list of Collabora servers. There is no known workaround. Note that this primarily results in a bypass of any configured watermark or download protection enforced through File Access Control. If you do not require or rely on these as a security feature, no immediate action is required on your end.

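The fix described above is an allowlist of IP addresses permitted to call the WOPI API. The following is an added Python illustration of such a check, written for this page and not taken from Nextcloud Richdocuments; every function name, the sample addresses, and the choice to deny when the allowlist is empty are assumptions of this example. It shows the two details a deployer usually gets wrong: CIDR ranges alongside single addresses, and honouring `X-Forwarded-For` only when the connecting peer is a trusted reverse proxy, so that an untrusted client cannot claim a Collabora address in a header.

```python
import ipaddress
from typing import List, Optional, Sequence, Union

IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]
IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]


def parse_allowlist(entries: Sequence[str]) -> List[IPNetwork]:
    """Parse allowlist entries (single IPs or CIDR ranges) into network objects.

    A bare address such as "10.20.0.7" becomes a /32 (or /128) network so that
    membership tests work uniformly; malformed entries raise ValueError instead
    of being silently dropped, which would otherwise widen or narrow the list
    without anyone noticing.
    """
    networks: List[IPNetwork] = []
    for entry in entries:
        entry = entry.strip()
        if entry:
            networks.append(ipaddress.ip_network(entry, strict=False))
    return networks


def resolve_client_ip(peer_ip: str, forwarded_for: Optional[str],
                      trusted_proxies: Sequence[IPNetwork]) -> IPAddress:
    """Return the address that the allowlist must be checked against.

    The TCP peer address is authoritative. X-Forwarded-For is honoured only
    when the peer is itself a trusted reverse proxy; otherwise any caller could
    set the header and claim to be a Collabora server. When the header is
    honoured, the chain is walked from the right, skipping trusted proxies, so
    the first hop not under our control is the one that gets authorised.
    """
    peer = ipaddress.ip_address(peer_ip)
    if not forwarded_for or not any(peer in net for net in trusted_proxies):
        return peer
    hops = [h.strip() for h in forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return peer  # unparseable header: fall back to the socket peer
        if not any(addr in net for net in trusted_proxies):
            return addr
    return peer  # every hop was a trusted proxy; treat the proxy as the client


def wopi_request_allowed(peer_ip: str, allowlist: Sequence[IPNetwork],
                         forwarded_for: Optional[str] = None,
                         trusted_proxies: Sequence[IPNetwork] = ()) -> bool:
    """Decide whether a WOPI request may proceed.

    An empty allowlist denies everything: this example fails closed, which is
    an assumption of the illustration rather than a statement about the app.
    """
    if not allowlist:
        return False
    client = resolve_client_ip(peer_ip, forwarded_for, trusted_proxies)
    return any(client in net for net in allowlist)


# Constructed sample configuration: one Collabora subnet, one IPv6 Collabora
# host, and a single trusted reverse proxy in front of the WOPI endpoint.
COLLABORA_ALLOWLIST = parse_allowlist(["10.20.0.0/24", "2001:db8:c0de::10"])
TRUSTED_PROXIES = parse_allowlist(["10.0.0.1"])


def demo() -> List[bool]:
    """Run a handful of constructed requests through the check."""
    return [
        # direct request from a Collabora host inside the allowed subnet
        wopi_request_allowed("10.20.0.7", COLLABORA_ALLOWLIST),
        # direct request from an unrelated address
        wopi_request_allowed("203.0.113.9", COLLABORA_ALLOWLIST),
        # untrusted peer sets X-Forwarded-For to a Collabora address: ignored
        wopi_request_allowed("203.0.113.9", COLLABORA_ALLOWLIST,
                             forwarded_for="10.20.0.7"),
        # trusted proxy forwards a genuine Collabora request
        wopi_request_allowed("10.0.0.1", COLLABORA_ALLOWLIST,
                             forwarded_for="10.20.0.7",
                             trusted_proxies=TRUSTED_PROXIES),
        # trusted proxy appended the real peer (203.0.113.9) after a forged hop
        wopi_request_allowed("10.0.0.1", COLLABORA_ALLOWLIST,
                             forwarded_for="10.20.0.7, 203.0.113.9",
                             trusted_proxies=TRUSTED_PROXIES),
        # IPv6 Collabora host matched as a /128 entry
        wopi_request_allowed("2001:db8:c0de::10", COLLABORA_ALLOWLIST),
    ]


if __name__ == "__main__":
    print(demo())  # [True, False, False, True, False, True]
```

The walk from the right of `X-Forwarded-For` matters because each proxy appends the address it actually saw: the leftmost value is whatever the original caller chose to send, while the rightmost non-proxy value is the party that really connected to your trusted proxy.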

*Credits: N/A

CVSS Scores

| Metric | CVSS v3.1 (1) | CVSS v3.1 (2) | CVSS v2 |
|---|---|---|---|
| Attack Vector | Network | Network | Network |
| Attack Complexity | Low | Low | Low |
| Privileges Required / Authentication | Low | Low | Single |
| User Interaction | None | None | - |
| Scope | Unchanged | Unchanged | - |
| Confidentiality | None | Low | None |
| Integrity | Low | None | Partial |
| Availability | None | None | None |
| Vector | AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N | AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N | AV:N/AC:L/Au:S/C:N/I:P/A:N |

* Common Vulnerability Scoring System
SSVC
  • Decision: -
  • Exploitation: -
  • Automatable: -
  • Tech. Impact: -
* Organization's Worst-case Scenario
Timeline
  • 2021-05-12 CVE Reserved
  • 2021-07-27 CVE Published
  • 2023-06-13 EPSS Updated
  • 2024-08-03 CVE Updated
  • Exploited in Wild: -
  • KEV Due Date: -
  • First Exploit: -
CWE
  • CWE-862: Missing Authorization
CAPEC
  • -
Affected Vendors, Products, and Versions

| Vendor | Product | Version | Other | Status |
|---|---|---|---|---|
| Nextcloud | Richdocuments | < 3.8.3 | - | Affected |
| Nextcloud | Richdocuments | >= 4.0.0 < 4.2.0 | - | Affected |