CVE-2021-32654

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-32654

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32654.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-32654

Related

GHSA-jf9h-v24c-22g5

Published

2021-06-01T21:15:07.680Z

Modified

2026-02-11T13:15:53.499975Z

Severity

9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to receive write/read privileges on any Federated File Share. Since public links can be added as federated file share, this can also be exploited on any public link. Users can upgrade to patched versions (19.0.11, 20.0.10 or 21.0.2) or, as a workaround, disable federated file sharing.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/server
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

ea6649a511ec5963b984342a50103c3637d621a3

Introduced

615b994816710a595243d704c9be445f736b4b41

Fixed

6e537422555592ba6542780533963a67fff68cf1

Introduced

8985b7930653139859002eb3eca2852999ed8f0d

Fixed

59752ce269dfb122ef9e3ae56c33464551aa74e1

Affected versions

v20.*

v20.0.0

v20.0.1

v20.0.10RC1

v20.0.1RC1

v20.0.2

v20.0.2RC1

v20.0.2RC2

v20.0.3

v20.0.3RC2

v20.0.4

v20.0.5

v20.0.5RC1

v20.0.5RC2

v20.0.6

v20.0.6RC1

v20.0.7

v20.0.7RC1

v20.0.8

v20.0.8RC1

v20.0.9

v20.0.9RC1

v21.*

v21.0.0

v21.0.1

v21.0.1RC1

v21.0.2RC1

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-32654.json"