Insecure Inherited Permissions

CVE-2021-32725

Medium

5.3/10

Summary

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, default share permissions were not being respected for federated reshares of files and folders. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Attack Complexity: LOW
Attack Vector: NETWORK
Integrity Impact: NONE
Scope: UNCHANGED
User Interaction: NONE
Privileges Required: NONE
Confidentiality Impact: LOW
Availability Impact: NONE

CWE-277 - Insecure Inherited Permissions

A product defines a set of insecure permissions that are inherited by objects that are created by the program.

References

Advisory Timeline

Published Jul 12, 2021

Insecure Inherited Permissions

CVE-2021-32725

Summary

CWE-277 - Insecure Inherited Permissions

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS