CVE-2021-37629

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2021-37629

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37629.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2021-37629

Related

GHSA-gvvr-h36p-8mjx

Published

2021-09-07T21:15:08.807Z

Modified

2026-02-11T14:27:35.189403Z

Severity

5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator

Summary

[none]

Details

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.

References

Affected packages

Git / github.com/nextcloud/richdocuments

Affected ranges

Type: GIT
Repo: https://github.com/nextcloud/richdocuments
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

79932dda715fc88baebc8693dc6c5e84f98066c8

Introduced

920fc643722b23fae8972ddc166c144e422ae575

Fixed

1c49cb0a241ad156847ad220cc0c6a686c5244d7

Affected versions

v4.*

v4.0.0

v4.0.1

v4.0.2

v4.0.3

v4.0.4

v4.1.0

v4.1.1

v4.1.2

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-37629.json"