CVE-2021-32680

Summary

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 19.0.13affected
nextcloudsecurity-advisories>= 20.0.0, < 20.0.11affected
nextcloudsecurity-advisories>= 21.0.0, < 21.0.3affected

Weaknesses

  • CWE-778: CWE-778: Insufficient Logging

ADP Enrichment

CVE Program Container

Additional References

References