admin/nvd-json-data-feeds
1
0
Fork 0
mirror of https://github.com/fkie-cad/nvd-json-data-feeds.git synced 2025-05-28 17:21:36 +00:00
Code Issues Packages Projects Releases Wiki Activity
nvd-json-data-feeds/CVE-2021/CVE-2021-412xx/CVE-2021-41241.json
cad-safe-bot 5fc0b01395 Auto-Update: 2024-12-15T03:00:19.262894+00:00
2024-12-15 03:03:56 +00:00

205 lines
6.9 KiB
JSON
Raw Blame History

{
"id": "CVE-2021-41241",
"sourceIdentifier": "security-advisories@github.com",
"published": "2022-03-08T19:15:07.927",
"lastModified": "2024-11-21T06:25:51.403",
"vulnStatus": "Modified",
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Nextcloud server is a self hosted system designed to provide cloud style services. The groupfolders application for Nextcloud allows sharing a folder with a group of people. In addition, it allows setting \"advanced permissions\" on subfolders, for example, a user could be granted access to the groupfolder but not specific subfolders. Due to a lacking permission check in affected versions, a user could still access these subfolders by copying the groupfolder to another location. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the \"groupfolders\" application in the admin settings."
},
{
"lang": "es",
"value": "El servidor de Nextcloud es un sistema autoalojado dise\u00f1ado para proporcionar servicios de estilo en la nube. La aplicaci\u00f3n groupfolders para Nextcloud permite compartir una carpeta con un grupo de personas. Adem\u00e1s, permite establecer \"permisos avanzados\" en las subcarpetas, por ejemplo, un usuario podr\u00eda tener acceso a la carpeta de grupo pero no a subcarpetas espec\u00edficas. Debido a la falta de comprobaci\u00f3n de permisos en las versiones afectadas, un usuario podr\u00eda seguir accediendo a estas subcarpetas copiando la carpeta de grupo a otra ubicaci\u00f3n. Se recomienda actualizar el servidor Nextcloud a la versi\u00f3n 20.0.14, 21.0.6 o 22.2.1. Los usuarios que no puedan actualizarse deber\u00e1n desactivar la aplicaci\u00f3n \"groupfolders\" en la configuraci\u00f3n del administrador"
}
],
"metrics": {
"cvssMetricV31": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
"baseScore": 4.3,
"baseSeverity": "MEDIUM",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "LOW",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"exploitabilityScore": 2.8,
"impactScore": 1.4
}
],
"cvssMetricV2": [
{
"source": "nvd@nist.gov",
"type": "Primary",
"cvssData": {
"version": "2.0",
"vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N",
"baseScore": 4.0,
"accessVector": "NETWORK",
"accessComplexity": "LOW",
"authentication": "SINGLE",
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"availabilityImpact": "NONE"
},
"baseSeverity": "MEDIUM",
"exploitabilityScore": 8.0,
"impactScore": 2.9,
"acInsufInfo": false,
"obtainAllPrivilege": false,
"obtainUserPrivilege": false,
"obtainOtherPrivilege": false,
"userInteractionRequired": false
}
]
},
"weaknesses": [
{
"source": "security-advisories@github.com",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-863"
}
]
},
{
"source": "nvd@nist.gov",
"type": "Primary",
"description": [
{
"lang": "en",
"value": "CWE-862"
}
]
}
],
"configurations": [
{
"nodes": [
{
"operator": "OR",
"negate": false,
"cpeMatch": [
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"versionEndExcluding": "20.0.14",
"matchCriteriaId": "FE354750-B4B3-4F0A-8B59-472C527BC7B2"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*",
"versionStartIncluding": "21.0.0",
"versionEndExcluding": "21.0.6",
"matchCriteriaId": "467AE8CC-B050-4A69-AD8A-88C71C69C898"
},
{
"vulnerable": true,
"criteria": "cpe:2.3:a:nextcloud:nextcloud_server:22.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "0FB174BF-D3FD-49C6-B216-3166DE1AD6F9"
}
]
}
]
}
],
"references": [
{
"url": "https://github.com/nextcloud/groupfolders/issues/1692",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m4wp-r357-4q94",
"source": "security-advisories@github.com",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/29362",
"source": "security-advisories@github.com",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202208-17",
"source": "security-advisories@github.com",
"tags": [
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/groupfolders/issues/1692",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-m4wp-r357-4q94",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Third Party Advisory"
]
},
{
"url": "https://github.com/nextcloud/server/pull/29362",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
]
},
{
"url": "https://security.gentoo.org/glsa/202208-17",
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink