{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-18T02:31:16.098","vulnerabilities":[{"cve":{"id":"CVE-2021-39223","sourceIdentifier":"security-advisories@github.com","published":"2021-10-25T22:15:07.507","lastModified":"2024-11-21T06:18:56.700","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Richdocuments application prior to versions 3.8.6 and 4.2.3 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the Richdocuments application is upgraded to 3.8.6 or 4.2.3. As a workaround, disable the Richdocuments application in the app settings."},{"lang":"es","value":"Nextcloud es una plataforma de productividad de código abierto y auto-alojada. La aplicación Nextcloud Richdocuments versiones anteriores a 3.8.6 y 4.2.3, devolvía mensajes de excepción literales al usuario. Esto podría resultar en una revelación de la ruta completa en los archivos compartidos. (por ejemplo, un atacante podría ver que el archivo \"shared.txt\" se encuentra dentro de \"files/$username/Myfolder/Mysubfolder/shared.txt\"). Es recomendado actualizar la aplicación Richdocuments a la versión 3.8.6 o 4.2.3. Como solución, deshabilite la aplicación Richdocuments en la configuración de la aplicación"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:N/A:N","baseScore":4.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":1.2,"impactScore":3.6},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*","versionEndExcluding":"3.8.6","matchCriteriaId":"42C1FB8C-425E-464B-9302-7E6272BDCC1F"},{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*","versionStartIncluding":"4.0.0","versionEndExcluding":"4.2.3","matchCriteriaId":"2FB67AD1-8C13-4246-8E8D-3EE7855BA65D"}]}]}],"references":[{"url":"https://github.com/nextcloud/richdocuments/pull/1760","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rjcc-4cgj-6v93","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1253460","source":"security-advisories@github.com","tags":["Permissions Required","Third Party Advisory"]},{"url":"https://github.com/nextcloud/richdocuments/pull/1760","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-rjcc-4cgj-6v93","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://hackerone.com/reports/1253460","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Permissions Required","Third Party Advisory"]}]}}]}