CVE-2021-37629

MEDIUM

Nextcloud Richdocuments < 3.8.4 - Share Token Enumeration via Unthrottled OCS Endpoint

Title source: llm

Description

Nextcloud Richdocuments is an open source collaborative office suite. In affected versions, the Richdocuments OCS endpoint lacks rate limiting. This may have allowed an attacker to enumerate potentially valid share tokens. Upgrading the Nextcloud Richdocuments app to either 3.8.4 or 4.2.1 is recommended to resolve the issue. Users who are unable to upgrade should disable the Richdocuments application.

References (3)

Core References
Third Party Advisory x_refsource_misc
https://github.com/nextcloud/richdocuments/pull/1663
Permissions Required, Third Party Advisory x_refsource_misc
https://hackerone.com/reports/1258750

Scores

CVSS v3 5.3
EPSS 0.0038
EPSS Percentile 59.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Details

CWE
CWE-770 CWE-200
Status published
Products (1)
nextcloud/richdocuments < 3.8.4
Published Sep 07, 2021
Tracked Since Feb 18, 2026