CVE-2021-41233

Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.

Published: Mar 10, 2022
Updated: Apr 14, 2023
CVE: CVE-2021-41233
Severity: Medium
Exploit:

CVSS v3:

Severity: Medium
Score: 5.3
AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

CVSS v2:

Severity: Low
Score: 4.3
AV:N/AC:M/Au:N/C:P/I:N/A:N

CWEs:

CWE-863

Affected Software
References

Software	From	Fixed in
nextcloud / nextcloud_server	-	20.0.14
nextcloud / nextcloud_server	21.0.0	21.0.6
nextcloud / nextcloud_server	22.2.0	22.2.1

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-26c8-35cm-xq9m
https://github.com/nextcloud/text/pull/1884

Vulnerability Database

289,697

CVE-2021-41233