Description

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

Related CPE's

a

nextcloud

nextcloud_server

3

o

fedoraproject

fedora

2

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxpq-wq7c-vppf

Third Party Advisory

https://github.com/nextcloud/server/pull/27024

PatchThird Party Advisory

https://hackerone.com/reports/1200810

Permissions Required

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/

https://security.gentoo.org/glsa/202208-17

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-778

[email protected]

Secondary
NVD-CWE-Other

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

3.3 · Low

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-07-12T14:15:08.207

3 years ago

Last modified

2023-11-07T03:35:22.703

1 year ago