{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-17T01:22:25.500","vulnerabilities":[{"cve":{"id":"CVE-2021-32656","sourceIdentifier":"security-advisories@github.com","published":"2021-06-01T22:15:08.173","lastModified":"2024-11-21T06:07:28.323","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud Server is a Nextcloud package that handles data storage. A vulnerability in federated share exists in versions prior to 19.0.11, 20.0.10, and 21.0.2. An attacker can gain access to basic information about users of a server by accessing a public link that a legitimate server user added as a federated share. This happens because Nextcloud supports sharing registered users with other Nextcloud servers, which can be done automatically when selecting the \"Add server automatically once a federated share was created successfully\" setting. The vulnerability is patched in versions 19.0.11, 20.0.10, and 21.0.2 As a workaround, disable \"Add server automatically once a federated share was created successfully\" in the Nextcloud settings."},{"lang":"es","value":"Nextcloud Server es un paquete de Nextcloud que se encarga del almacenamiento de datos. Se presenta una vulnerabilidad en el recurso compartido federado en las versiones anteriores a la 19.0.11, 20.0.10 y 21.0.2. Un atacante puede obtener acceso a información básica sobre los usuarios de un servidor al acceder a un enlace público que un usuario legítimo del servidor haya añadido como recurso compartido federado. Esto ocurre porque Nextcloud admite compartir usuarios registrados con otros servidores Nextcloud, lo que puede hacerse automáticamente al seleccionar el ajuste \"Add server automatically once a federated share was created successfully\". La vulnerabilidad está parcheada en versiones 19.0.11, 20.0.10 y 21.0.2 Como solución, deshabilitar la opción \"Add server automatically once a federated share was created successfully\" en la configuración de Nextcloud"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N","baseScore":8.6,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":4.0}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-284"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-Other"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionEndExcluding":"19.0.11","matchCriteriaId":"90D08DF1-6127-40C6-834D-CEF965C1F55D"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartIncluding":"20.0.0","versionEndExcluding":"20.0.10","matchCriteriaId":"5EA550E2-F2F1-4AB8-A713-6EEB5E420CB5"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*","versionStartIncluding":"21.0.0","versionEndExcluding":"21.0.2","matchCriteriaId":"945C1E54-23CC-4AEF-9E0E-07CDA425C91D"}]}]}],"references":[{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j875-vr2q-h6x6","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1167853","source":"security-advisories@github.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-17","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-j875-vr2q-h6x6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1167853","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://security.gentoo.org/glsa/202208-17","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}