Support Us — Your donation helps us keep running

Goal: 1000 CNY,Raised: 1000 CNY

100.0%
Donate Now
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2021-37628
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
File Drop can be bypassed using Richdocuments app in nextcloud
Source: NVD (National Vulnerability Database)
Vulnerability Description
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions the File Drop features ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that the Nextcloud Richdocuments is upgraded to 3.8.4 or 4.2.1. If upgrading is not possible then it is recommended to disable the Richdocuments application.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
通过用户控制密钥绕过授权机制
Source: NVD (National Vulnerability Database)
Vulnerability Title
Nextcloud 信息泄露漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Richdocuments存在信息泄露漏洞,该漏洞源于在受影响的版本中,Richdocuments OCS端点没有速率限制。这可能允许攻击者可利用该漏洞枚举潜在的有效共享令牌。建议将Nextcloud Richdocuments应用升级到3.8.4或4.2.1来解决。对于无法升级的用户,建议禁用Richdocuments应用程序。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
VendorProductAffected VersionsCPESubscribe
nextcloudsecurity-advisories < 3.8.4 -
II. Public POCs for CVE-2021-37628
#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC
III. Intelligence Information for CVE-2021-37628
Please Login to view more intelligence information
New Vulnerabilities
Product: security-advisories
Vendor: nextcloud
Same weakness: CWE-639
V. Comments for CVE-2021-37628

No comments yet

Leave a comment