CVE-2021-39223
File path disclosure of shared files in Richdocuments application
Public Exploits: 0
Exploited in Wild: -
Descriptions
Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings.
Timeline
- 2021-08-16 CVE Reserved
- 2021-10-25 CVE Published
- 2024-07-10 EPSS Updated
- 2024-08-04 CVE Updated
CWE
- CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
References (2)
URL | Tag | Source |
---|---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rjcc-4cgj-6v93 | Third Party Advisory |
URL | Date | SRC |
---|---|---|
https://github.com/nextcloud/richdocuments/pull/1760 | 2021-10-29 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Nextcloud | Richdocuments | < 3.8.6 | - | Affected |
Nextcloud | Richdocuments | >= 4.0.0 < 4.2.3 | - | Affected |