{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-29T16:53:45.945","vulnerabilities":[{"cve":{"id":"CVE-2021-39224","sourceIdentifier":"security-advisories@github.com","published":"2021-10-25T22:15:07.577","lastModified":"2024-11-21T06:18:56.860","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings."},{"lang":"es","value":"Nextcloud es una plataforma de productividad de código abierto y auto-alojada. La aplicación Nextcloud OfficeOnline versiones anteriores a 1.1.1, devolvía mensajes de excepción literales al usuario. Esto podría resultar en una revelación de la ruta completa en los archivos compartidos. (por ejemplo, un atacante podría ver que el archivo \"shared.txt\" se encuentra dentro de \"/files/$username/Myfolder/Mysubfolder/shared.txt\"). Es recomendado actualizar la aplicación OfficeOnline a la versión 1.1.1. Como solución, se puede deshabilitar la aplicación OfficeOnline en la configuración de la aplicación"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N","baseScore":3.5,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"REQUIRED","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":2.1,"impactScore":1.4},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-200"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"NVD-CWE-noinfo"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:nextcloud:officeonline:*:*:*:*:*:*:*:*","versionEndExcluding":"1.1.1","matchCriteriaId":"61C2D596-4CBB-4888-B948-278F3D502F2B"}]}]}],"references":[{"url":"https://github.com/nextcloud/officeonline/pull/204","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/nextcloud/officeonline/pull/204","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}