Lucene search
HackeroneCVELIST:CVE-2021-22877HistoryMar 03, 2021 - 5:39 p.m.
CVE-2021-22877
2021-03-0317:39:15
CWE-284
hackerone
www.cve.org
1
A missing user check in Nextcloud prior to 20.0.6 inadvertently populates a user’s own credentials for other users external storage configuration when not already configured yet.
CNA Affected
[
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 20.0.6"
}
]
}
]Related
cve
cve
CVE-2021-22877
2021-03-03 18:15:14
osv
osv
CVE-2021-22877
2021-03-03 18:15:14
hackerone
hackerone
Nextcloud: Acting under any different user via DB-stored credentials
2020-12-18 12:53:55
nvd
nvd
CVE-2021-22877
2021-03-03 18:15:14
prion
prion
Code injection
2021-03-03 18:15:00
nextcloud
nextcloud
External storage credentials stored for wrong user (NC-SA-2021-004)
2021-01-25 00:00:00
redhatcve
redhatcve
CVE-2021-22877
2022-05-20 23:18:41
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (NC-SA-2021-004, NC-SA-2021-005)
2021-03-08 00:00:00
Fedora: Security Advisory for nextcloud (FEDORA-2021-eac0e52f88)
2021-07-11 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: nextcloud-20.0.10-1.fc34
2021-07-09 01:03:33