CVE-2021-37629

Опубликовано: 07 сент. 2021

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.

Ссылки

https://github.com/nextcloud/richdocuments/pull/1663
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-h36p-8mjx
Third Party Advisory
https://hackerone.com/reports/1258750
Permissions Required
Third Party Advisory
https://github.com/nextcloud/richdocuments/pull/1663
Third Party Advisory
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-h36p-8mjx
Third Party Advisory
https://hackerone.com/reports/1258750
Permissions Required
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*

Версия до 3.8.4 (исключая)

cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*

Версия от 4.0.0 (включая) до 4.2.1 (исключая)

EPSS

Процентиль: 59%

0.00384

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-200

CWE-770