SB2021060414 - Multiple vulnerabilities in Nextcloud Server
Published: June 4, 2021 Updated: June 7, 2021
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Authorization bypass through user-controlled key (CVE-ID: CVE-2021-32654)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to improper authorization. A remote attacker can receive write/read privileges on any Federated File Share.
2) Information disclosure (CVE-ID: CVE-2021-32653)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to the Nextcloud Server sends user IDs to the lookup server even if the user has no fields set to published. A remote attacker can gain unauthorized access to sensitive information on the system.
3) Improper access control (CVE-ID: CVE-2021-32657)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to improper access restrictions. A remote authenticated attacker can break the user administration page.
4) Improper Handling of Unexpected Data Type (CVE-ID: CVE-2021-32655)
The vulnerability allows a remote attacker to compromise the target system.
The vulnerability exists due to the files drop public link can be added as federated share. A remote attacker can convert a files drop link to a federated share, leading to an issue on the UI side of the sharing user.
5) Improper access control (CVE-ID: CVE-2021-32656)
The vulnerability allows a remote attacker to gain unauthorized access to otherwise restricted functionality.
The vulnerability exists due to the trusted servers exchange can be triggered by attacker. A remote attacker can trigger this exchange if they have access to a public link and gain access to basic user information.
Remediation
Install update from vendor's website.
References
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jf9h-v24c-22g5
- https://hackerone.com/reports/1170024
- https://hackerone.com/reports/1173436
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-396j-vqpr-qg45
- https://hackerone.com/reports/1147611
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fx62-q47f-f665
- https://hackerone.com/reports/1167929
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-grph-cm44-p3jv
- https://hackerone.com/reports/1167853
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j875-vr2q-h6x6