CVE-2021-32741 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-32741 Interim 1 11 2025-02-17T00:37:00Z current 2021-07-21T00:56:38Z 2025-02-17T00:37:00Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-32741 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/XBA6BUWCG7GXG6XVXJPYJLSFVWJRSYU7/ E-Mail link for openSUSE-SU-2021:1068-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 SUSE Package Hub 15 SP3 openSUSE Leap 15.2 openSUSE Leap 15.3 nextcloud-20.0.11-28.1 nextcloud-20.0.11-bp151.3.15.1 nextcloud-20.0.11-bp152.2.9.1 nextcloud-20.0.11-bp153.2.3.1 nextcloud-20.0.11-lp152.3.9.1 nextcloud-apache-20.0.11-28.1 nextcloud-apache-20.0.11-bp151.3.15.1 nextcloud-apache-20.0.11-bp152.2.9.1 nextcloud-apache-20.0.11-bp153.2.3.1 nextcloud-apache-20.0.11-lp152.3.9.1 nextcloud-20.0.11-28.1 as a component of SUSE Package Hub 12 nextcloud-apache-20.0.11-28.1 as a component of SUSE Package Hub 12 nextcloud-20.0.11-bp151.3.15.1 as a component of SUSE Package Hub 15 SP1 nextcloud-apache-20.0.11-bp151.3.15.1 as a component of SUSE Package Hub 15 SP1 nextcloud-20.0.11-bp152.2.9.1 as a component of SUSE Package Hub 15 SP2 nextcloud-apache-20.0.11-bp152.2.9.1 as a component of SUSE Package Hub 15 SP2 nextcloud-20.0.11-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 nextcloud-apache-20.0.11-bp153.2.3.1 as a component of SUSE Package Hub 15 SP3 nextcloud-20.0.11-lp152.3.9.1 as a component of openSUSE Leap 15.2 nextcloud-apache-20.0.11-lp152.3.9.1 as a component of openSUSE Leap 15.2 nextcloud-20.0.11-bp153.2.3.1 as a component of openSUSE Leap 15.3 nextcloud-apache-20.0.11-bp153.2.3.1 as a component of openSUSE Leap 15.3 Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds. CVE-2021-32741 SUSE Package Hub 12:nextcloud-20.0.11-28.1 SUSE Package Hub 12:nextcloud-apache-20.0.11-28.1 SUSE Package Hub 15 SP1:nextcloud-20.0.11-bp151.3.15.1 SUSE Package Hub 15 SP1:nextcloud-apache-20.0.11-bp151.3.15.1 SUSE Package Hub 15 SP2:nextcloud-20.0.11-bp152.2.9.1 SUSE Package Hub 15 SP2:nextcloud-apache-20.0.11-bp152.2.9.1 SUSE Package Hub 15 SP3:nextcloud-20.0.11-bp153.2.3.1 SUSE Package Hub 15 SP3:nextcloud-apache-20.0.11-bp153.2.3.1 openSUSE Leap 15.2:nextcloud-20.0.11-lp152.3.9.1 openSUSE Leap 15.2:nextcloud-apache-20.0.11-lp152.3.9.1 openSUSE Leap 15.3:nextcloud-20.0.11-bp153.2.3.1 openSUSE Leap 15.3:nextcloud-apache-20.0.11-bp153.2.3.1 moderate 5 AV:N/AC:L/Au:N/C:P/I:N/A:N 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N