CVE-2021-37629
MEDIUM
Nextcloud Richdocuments < 3.8.4 - Share Token Enumeration via Unthrottled OCS Endpoint
Title source: llm
Description
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.
References (3)
Third Party Advisory x_refsource_confirm
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-gvvr-h36p-8mjx
Third Party Advisory x_refsource_misc
https://github.com/nextcloud/richdocuments/pull/1663
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1258750
Scores
CVSS v3
5.3
EPSS
0.0038
EPSS Percentile
59.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
Details
CWE
CWE-770
CWE-200
Status
published
Products (1)
nextcloud/richdocuments
< 3.8.4
Published
Sep 07, 2021
Tracked Since
Feb 18, 2026