CVE-2021-39222 - OpenCVE

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy.

No CVSS v4.0

Attack Vector Network

Attack Complexity High

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact Partial

Availability Impact None

AV:N/AC:M/Au:N/C:N/I:P/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Talk

Configuration 1 [-]

OR	cpe:2.3:a:nextcloud:talk::::::::
	cpe:2.3:a:nextcloud:talk::::::::
	cpe:2.3:a:nextcloud:talk::::::::

No data.

References

Link	Providers
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g
https://github.com/nextcloud/spreed/pull/542
https://hackerone.com/reports/1135481

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-11-15T18:30:13

Updated: 2024-08-04T01:58:18.181Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39222

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-11-15T19:15:07.297

Modified: 2021-11-17T18:43:10.867

Link: CVE-2021-39222

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "security-advisories", "vendor": "nextcloud", "versions": [{"status": "affected", "version": "< 10.0.7"}, {"status": "affected", "version": ">= 10.1.0, < 10.1.4"}, {"status": "affected", "version": ">= 11.1.0, < 11.1.2"}, {"status": "affected", "version": "< 11.2.0"}, {"status": "affected", "version": ">= 12.0.0.alpha-1, < 12.0.0"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy."}], "metrics": [{"cvssV3_1": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-434", "description": "CWE-434: Unrestricted Upload of File with Dangerous Type", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-79", "description": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-11-15T18:30:13", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/spreed/pull/542"}, {"tags": ["x_refsource_MISC"], "url": "https://hackerone.com/reports/1135481"}], "source": {"advisory": "GHSA-xhxq-f4vg-jw5g", "discovery": "UNKNOWN"}, "title": "XSS in Talk", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39222", "STATE": "PUBLIC", "TITLE": "XSS in Talk"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "security-advisories", "version": {"version_data": [{"version_value": "< 10.0.7"}, {"version_value": ">= 10.1.0, < 10.1.4"}, {"version_value": ">= 11.1.0, < 11.1.2"}, {"version_value": "< 11.2.0"}, {"version_value": ">= 12.0.0.alpha-1, < 12.0.0"}]}}]}, "vendor_name": "nextcloud"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy."}]}, "impact": {"cvss": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-434: Unrestricted Upload of File with Dangerous Type"}]}, {"description": [{"lang": "eng", "value": "CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g", "refsource": "CONFIRM", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g"}, {"name": "https://github.com/nextcloud/spreed/pull/542", "refsource": "MISC", "url": "https://github.com/nextcloud/spreed/pull/542"}, {"name": "https://hackerone.com/reports/1135481", "refsource": "MISC", "url": "https://hackerone.com/reports/1135481"}]}, "source": {"advisory": "GHSA-xhxq-f4vg-jw5g", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:18.181Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/spreed/pull/542"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://hackerone.com/reports/1135481"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39222", "datePublished": "2021-11-15T18:30:13", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.181Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D48B927-D0DB-4981-AE40-3084AB7646B1", "versionEndExcluding": "10.0.7", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "matchCriteriaId": "B64ECEAF-FA2E-42E0-AE30-3BB1C0C835FA", "versionEndExcluding": "10.1.4", "versionStartIncluding": "10.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:nextcloud:talk:*:*:*:*:*:*:*:*", "matchCriteriaId": "BE3F28FB-17E4-43F1-AFE1-2BA9FC1FAB9B", "versionEndExcluding": "11.1.2", "versionStartIncluding": "11.0.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud Talk application was vulnerable to a stored Cross-Site Scripting (XSS) vulnerability. For exploitation, a user would need to right-click on a malicious file and open the file in a new tab. Due the strict Content-Security-Policy shipped with Nextcloud, this issue is not exploitable on modern browsers supporting Content-Security-Policy. It is recommended that the Nextcloud Talk application is upgraded to patched versions 10.0.7, 10.1.4, 11.1.2, 11.2.0 or 12.0.0. As a workaround, use a browser that has support for Content-Security-Policy."}, {"lang": "es", "value": "Nextcloud es una plataforma de productividad de c\u00f3digo abierto y auto alojada. La aplicaci\u00f3n Nextcloud Talk era susceptible a una vulnerabilidad de tipo Cross-Site Scripting (XSS) almacenada. Para una explotaci\u00f3n, un usuario tendr\u00eda que hacer clic con el bot\u00f3n derecho en un archivo malicioso y abrirlo en una nueva pesta\u00f1a. Debido a la estricta pol\u00edtica de seguridad de contenidos incluida en Nextcloud, este problema no es explotable en los navegadores modernos que soportan la pol\u00edtica de seguridad de contenidos. Es recomendado actualizar la aplicaci\u00f3n Nextcloud Talk a las versiones parcheadas 10.0.7, 10.1.4, 11.1.2, 11.2.0 o 12.0.0. Como soluci\u00f3n, use un navegador que tenga soporte para Content-Security-Policy"}], "id": "CVE-2021-39222", "lastModified": "2021-11-17T18:43:10.867", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.1, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.7, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:H/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-11-15T19:15:07.297", "references": [{"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xhxq-f4vg-jw5g"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/nextcloud/spreed/pull/542"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required", "Third Party Advisory"], "url": "https://hackerone.com/reports/1135481"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-79"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}, {"lang": "en", "value": "CWE-79"}], "source": "security-advisories@github.com", "type": "Secondary"}]}