CVE-2021-41178

EPSS 0.56%
Published 25.10.2021 22:15:07
Last modified 21.11.2024 06:25:41
Source security-advisories@github.com
Teams watchlist Login
Open Login

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, a file traversal vulnerability makes an attacker able to download arbitrary SVG images from the host system, including user provided files. This could also be leveraged into a XSS/phishing attack, an attacker could upload a malicious SVG file that mimics the Nextcloud login form and send a specially crafted link to victims. The XSS risk here is mitigated due to the fact that Nextcloud employs a strict Content-Security-Policy disallowing execution of arbitrary JavaScript. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5 or 22.2.0. There are no known workarounds aside from upgrading.

Affected products Warnungen 0 Metrics 4 CWE 3 References 7

Data is provided by the National Vulnerability Database (NVD)

Nextcloud ≫ Server Version >= 20.0.3 < 20.0.13

Nextcloud ≫ Server Version >= 21.0.1 < 21.0.5

Nextcloud ≫ Server Version >= 22.1.1 < 22.2.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.56%	0.673

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:P/I:N/A:N
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CWE-23 Relative Path Traversal

The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.

CWE-434 Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

https://security.gentoo.org/glsa/202208-17

Third Party Advisory

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-jp9c-vpr3-m5rf

Third Party Advisory

https://github.com/nextcloud/server/pull/28726

Patch

Third Party Advisory

https://hackerone.com/reports/1302155

Permissions Required

https://nvd.nist.gov/vuln/detail/CVE-2021-41178

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-41178

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-41178

EUVD