What is CVE-2021-32655?

CVE-2021-32655 is a low-severity vulnerability in Nextcloud Security-advisories, classified under CWE-241. CVSS score: 3.5/10. Published 2021-06-01.

How severe is CVE-2021-32655?

Low severity. CVSS v3 base score is 3.5 out of 10.

Vulnerability in Nextcloud Security-advisories

CVE-2021-32655

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.11, 20.0.10, and 21.0.2, an attacker is able to convert a Files Drop link to a federated share. This causes an issue on the UI side of the sharing…

EPSS: 0.004 (57.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 3.5 (Low). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N.

Affected products

Nextcloud Security-advisories — versions < 19.0.11, >= 20.0.0, < 20.0.10, >= 21.0.0, < 21.0.2

Weakness classification (CWE)

CWE-241

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-grph-cm44-p3jv (x_refsource_CONFIRM)
hackerone.com/reports/1167929 (x_refsource_MISC)
GLSA-202208-17 (vendor-advisory, x_refsource_GENTOO)

Frequently asked questions

What is CVE-2021-32655?: CVE-2021-32655 is a low-severity vulnerability in Nextcloud Security-advisories, classified under CWE-241. CVSS score: 3.5/10. Published 2021-06-01.
How severe is CVE-2021-32655?: Low severity. CVSS v3 base score is 3.5 out of 10.