CVE-2021-32657

Summary

Nextcloud Server is a Nextcloud package that handles data storage. In versions of Nextcloud Server prior to 10.0.11, 20.0.10, and 21.0.2, a malicious user may be able to break the user administration page. This would disallow administrators to administrate users on the Nextcloud instance. The vulnerability is fixed in versions 19.0.11, 20.0.10, and 21.0.2. As a workaround, administrators can use the OCC command line tool to administrate the Nextcloud users.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 19.0.11affected
nextcloudsecurity-advisories>= 20.0.0, < 20.0.10affected
nextcloudsecurity-advisories>= 21.0.0, < 21.0.2affected

Weaknesses

  • CWE-400: CWE-400: Uncontrolled Resource Consumption

ADP Enrichment

CVE Program Container

Additional References

References