CVE-2021-22906

MEDIUM

Nextcloud <1.5.3, 1.6.3, 1.7.1 - DoS

Title source: llm

Description

Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users.

References (2)

Core 2

Core References

Exploit, Issue Tracking, Third Party Advisory x_refsource_misc

https://hackerone.com/reports/1189174

Third Party Advisory x_refsource_misc

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-3829-45wm-ww36

Scores

CVSS v3 6.5

EPSS 0.0019

EPSS Percentile 40.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-639 CWE-400

Status published

Products (1)

nextcloud/end-to-end_encryption < 1.5.3

Published Jun 11, 2021

Tracked Since Feb 18, 2026