CVE-2021-32725

Summary

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Affected Software

VendorProductVersion RangeStatus
nextcloudsecurity-advisories< 19.0.13affected
nextcloudsecurity-advisories>= 20.0.0, < 20.0.11affected
nextcloudsecurity-advisories>= 21.0.0, < 21.0.3affected

Weaknesses

  • CWE-277: CWE-277: Insecure Inherited Permissions

ADP Enrichment

CVE Program Container

Additional References

References