Lucene search
China National Vulnerability DatabaseCNVD-2021-102880HistoryOct 28, 2021 - 12:00 a.m.
Nextcloud file traversal vulnerability
2021-10-2800:00:00
China National Vulnerability Database
www.cnvd.org.cn
20
0.002 Low
EPSS
Percentile
53.6%
Nextcloud is an open source set of self-hosted file synchronization and sharing communication applications platform from Germany-based Nextcloud. nextcloud has a file traversal vulnerability in versions prior to 20.0.13, 21.0.5, and 22.2.0, which stems from a lack of authentication, access control, permission management, and other security measures in the network system or product. An attacker is able to download arbitrary SVG images, including user-supplied files, from the host system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| nextcloud nextcloud | lt | 20.0.13 | |
| nextcloud nextcloud | lt | 21.0.5 | |
| nextcloud nextcloud | lt | 22.2.0 |
Related
nvd
nvd
CVE-2021-41178
2021-10-25 22:15:07
nextcloud
nextcloud
File Traversal affecting SVG files on Nextcloud Server
2021-10-25 11:49:36
prion
prion
Design/Logic Flaw
2021-10-25 22:15:00
osv
osv
CVE-2021-41178
2021-10-25 22:15:07
cve
cve
CVE-2021-41178
2021-10-25 22:15:07
cvelist
cvelist
CVE-2021-41178 File Traversal affecting SVG files on Nextcloud Server
2021-10-25 21:55:11
openvas
openvas
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)
2022-02-08 00:00:00
Nextcloud Server Multiple Vulnerabilities (Oct 2021)
2021-10-27 00:00:00
nessus
nessus
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1602-1)
2021-12-21 00:00:00
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00
suse
suse
Security update for nextcloud (important)
2021-12-20 00:00:00
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00