Unrated severity · NVD Advisory · Published Sep 7, 2021 · Updated Aug 4, 2024
File Drop can be bypassed using Richdocuments app in nextcloud
CVE-2021-37628
Description
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions, the File Drop feature ("Upload Only" public link shares in Nextcloud) can be bypassed using the Nextcloud Richdocuments app. An attacker was able to read arbitrary files in such a share. It is recommended that Nextcloud Richdocuments be upgraded to 3.8.4 or 4.2.1. If upgrading is not possible, it is recommended to disable the Richdocuments application.
Affected products
- Range: <3.8.4 || >=4.0.0 <4.2.1
- nextcloud/security-advisories · v5 · Range: < 3.8.4
References
- github.com/nextcloud/richdocuments/pull/1664 (mitre, x_refsource_MISC)
- github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w (mitre, x_refsource_CONFIRM)
- hackerone.com/reports/1253403 (mitre, x_refsource_MISC)