5.3
CVE-2021-37629
- EPSS 0.38%
- Veröffentlicht 07.09.2021 21:15:08
- Zuletzt bearbeitet 21.11.2024 06:15:33
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginLack of ratelimit on Richdocuments OCS endpoint in nextcloud
Lack of ratelimit on Richdocuments OCS endpoint
Nextcloud Richdocuments is an open source collaborative office suite. In affected versions there is a lack of rate limiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. It is recommended that the Nextcloud Richdocuments app is upgraded to either 3.8.4 or 4.2.1 to resolve. For users unable to upgrade it is recommended that the Richdocuments application be disabled.
Mögliche Gegenmaßnahme
Nextcloud Richdocuments: Disable the Richdocuments application.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Nextcloud ≫ Richdocuments Version < 3.8.4
Nextcloud ≫ Richdocuments Version >= 4.0.0 < 4.2.1
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
Nextcloud Richdocuments
Version
>= 0.0.0, < 3.8.4
Version
>= 4.2.0, < 4.2.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.38% | 0.592 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:P/I:N/A:N
|
| security-advisories@github.com | 5.3 | 3.9 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-770 Allocation of Resources Without Limits or Throttling
The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.