CVE-2021-39224 - OpenCVE

Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Nextcloud	Officeonline

Configuration 1 [-]

cpe:2.3:a:nextcloud:officeonline:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/nextcloud/officeonline/pull/204
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2021-10-25T21:40:17

Updated: 2024-08-04T01:58:18.174Z

Reserved: 2021-08-16T00:00:00

Link: CVE-2021-39224

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2021-10-25T22:15:07.577

Modified: 2021-10-29T14:48:38.833

Link: CVE-2021-39224

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "security-advisories", "vendor": "nextcloud", "versions": [{"status": "affected", "version": "< 1.1.1"}]}], "descriptions": [{"lang": "en", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-200", "description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-25T21:40:17", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/nextcloud/officeonline/pull/204"}], "source": {"advisory": "GHSA-56wm-r6jm-3v9h", "discovery": "UNKNOWN"}, "title": "File path disclosure of shared files in OfficeOnline application", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-39224", "STATE": "PUBLIC", "TITLE": "File path disclosure of shared files in OfficeOnline application"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "security-advisories", "version": {"version_data": [{"version_value": "< 1.1.1"}]}}]}, "vendor_name": "nextcloud"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor"}]}]}, "references": {"reference_data": [{"name": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h", "refsource": "CONFIRM", "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h"}, {"name": "https://github.com/nextcloud/officeonline/pull/204", "refsource": "MISC", "url": "https://github.com/nextcloud/officeonline/pull/204"}]}, "source": {"advisory": "GHSA-56wm-r6jm-3v9h", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T01:58:18.174Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/nextcloud/officeonline/pull/204"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-39224", "datePublished": "2021-10-25T21:40:17", "dateReserved": "2021-08-16T00:00:00", "dateUpdated": "2024-08-04T01:58:18.174Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:nextcloud:officeonline:*:*:*:*:*:*:*:*", "matchCriteriaId": "61C2D596-4CBB-4888-B948-278F3D502F2B", "versionEndExcluding": "1.1.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Nextcloud is an open-source, self-hosted productivity platform. The Nextcloud OfficeOnline application prior to version 1.1.1 returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. (e.g. an attacker could see that the file `shared.txt` is located within `/files/$username/Myfolder/Mysubfolder/shared.txt`). It is recommended that the OfficeOnline application is upgraded to 1.1.1. As a workaround, one may disable the OfficeOnline application in the app settings."}, {"lang": "es", "value": "Nextcloud es una plataforma de productividad de c\u00f3digo abierto y auto-alojada. La aplicaci\u00f3n Nextcloud OfficeOnline versiones anteriores a 1.1.1, devolv\u00eda mensajes de excepci\u00f3n literales al usuario. Esto podr\u00eda resultar en una revelaci\u00f3n de la ruta completa en los archivos compartidos. (por ejemplo, un atacante podr\u00eda ver que el archivo \"shared.txt\" se encuentra dentro de \"/files/$username/Myfolder/Mysubfolder/shared.txt\"). Es recomendado actualizar la aplicaci\u00f3n OfficeOnline a la versi\u00f3n 1.1.1. Como soluci\u00f3n, se puede deshabilitar la aplicaci\u00f3n OfficeOnline en la configuraci\u00f3n de la aplicaci\u00f3n"}], "id": "CVE-2021-39224", "lastModified": "2021-10-29T14:48:38.833", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 3.5, "baseSeverity": "LOW", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.1, "impactScore": 1.4, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-10-25T22:15:07.577", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/nextcloud/officeonline/pull/204"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-56wm-r6jm-3v9h"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-200"}], "source": "security-advisories@github.com", "type": "Secondary"}]}