CVE-2021-32688
Severity: HIGH
Nextcloud Server <19.0.13, <20.0.11, <21.0.3 - Privilege Escalation
Title source: llmDescription
Nextcloud Server is a Nextcloud package that handles data storage. Nextcloud Server supports application-specific tokens for authentication purposes. These tokens are supposed to be granted to specific applications (e.g. DAV sync clients), and can also be configured by the user to have no filesystem access. Due to a missing permission check, in versions prior to 19.0.13, 20.0.11, and 21.0.3 a token was able to change its own permissions. Thus filesystem-limited tokens were able to grant themselves access to the filesystem. The issue is patched in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds aside from upgrading.
References (6)
- Third Party Advisory (x_refsource_confirm): https://github.com/nextcloud/security-advisories/security/advisories/GHSA-48m7-7r2r-838r
- Patch, Third Party Advisory (x_refsource_misc): https://github.com/nextcloud/server/pull/27000
- Permissions Required (x_refsource_misc): https://hackerone.com/reports/1193321
- Mailing List, Third Party Advisory, vendor-advisory (x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/J63NBVPR2AQCAWRNDOZSGRY5II4WS2CZ/
- Mailing List, Third Party Advisory, vendor-advisory (x_refsource_fedora): https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BVZS26RDME2DYTKET5AECRIZDFUGR2AZ/
- Third Party Advisory, vendor-advisory (x_refsource_gentoo): https://security.gentoo.org/glsa/202208-17
Scores
CVSS v3: 8.8
EPSS: 0.0311
EPSS Percentile: 87.0%
Attack Vector: NETWORK
Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Details
CWE: CWE-552, CWE-285
Status: published
Products (3)
- fedoraproject/fedora 33
- fedoraproject/fedora 34
- nextcloud/nextcloud_server < 19.0.13
Published: Jul 12, 2021
Tracked Since: Feb 18, 2026