CVE-2021-41178

EPSS 0.87%
Veröffentlicht 25.10.2021 22:15:07
Zuletzt bearbeitet 21.11.2024 06:25:41
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

File Traversal affecting SVG files on Nextcloud Server

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.

Mögliche Gegenmaßnahme

Server: None.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 3 Referenzen 8

NVD 3 VulnDex Vulnerability Enrichment 2

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Nextcloud ≫ Server Version >= 20.0.3 < 20.0.13

Nextcloud ≫ Server Version >= 21.0.1 < 21.0.5

Nextcloud ≫ Server Version >= 22.1.1 < 22.2.0

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Weitere Schwachstelleninformationen

SystemNextcloud

≫

Produkt Server

Version >= 0.0.0, < 20.0.13

Version >= 21.0.0, < 21.0.5

Version >= 22.2.0, < 22.2.0

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.87%	0.744

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://security.gentoo.org/glsa/202208-17

Third Party Advisory

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jp9c-vpr3-m5rf

Third Party Advisory

https://github.com/nextcloud/server/pull/28726

Patch

Third Party Advisory

https://hackerone.com/reports/1302155

Permissions Required

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jp9c-vpr3-m5rf