How severe is CVE-2021-32766?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.3 out of 10.

What type of vulnerability is CVE-2021-32766?

This is classified as CWE-209, which is a common weakness in software security.

CVE-2021-32766 - MEDIUM Severity | CVSS 5.3

Vulnerability Description

Nextcloud Text is an open source plaintext editing application which ships with the nextcloud server. In affected versions the Nextcloud Text application returned different error messages depending on whether a folder existed in a public link share. This is problematic in case the public link share has been created with "Upload Only" privileges. (aka "File Drop"). A link share recipient is not expected to see which folders or files exist in a "File Drop" share. Using this vulnerability an attacker is able to enumerate folders in such a share. Exploitation requires that the attacker has access to a valid affected "File Drop" link share. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.0.1. Users who are unable to upgrade are advised to disable the Nextcloud Text application in the app settings.

Related Vulnerabilities

CVE-2013-6879

MEDIUM

CVSS:5.3(Medium)

The Mijosoft MijoSearch component 2.0.1 and earlier for Joomla! allows remote attackers to obtain sensitive information via a request to component/mijosearch/search, which reveals the installation pat...

CWE-2092013

CVE-2018-1073

MEDIUM

CVSS:5.3(Medium)

The web console login form in ovirt-engine before version 4.2.3 returned different errors for non-existent users and invalid passwords, allowing an attacker to discover the names of valid user account...

CWE-2092018

CVE-2018-12536

MEDIUM

CVSS:5.3(Medium)

In Eclipse Jetty Server, all 9.x versions, on webapps deployed using default Error Handling, when an intentionally bad query arrives that doesn't match a dynamic url-pattern, and is eventually handled...

CWE-2092018

CVE-2018-14907

MEDIUM

CVSS:5.3(Medium)

The Web server in 3CX version 15.5.8801.3 is vulnerable to Information Leakage, because of improper error handling in Stack traces, as demonstrated by discovering a full pathname.

CWE-2092018

CVE-2019-1020013

MEDIUM

CVSS:5.3(Medium)

parse-server before 3.6.0 allows account enumeration.

CWE-2092019

CVE-2019-11602

MEDIUM

CVSS:5.3(Medium)

Leakage of stack traces in remote access to backup & restore in earlier versions than ProSyst mBS SDK 8.2.6 and Bosch IoT Gateway Software 9.2.0 allows remote attackers to gather information about the...

CWE-2092019