CVE-2021-32801 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2021-32801 Interim 1 13 2025-02-17T00:36:41Z current 2021-09-09T01:01:35Z 2025-02-17T00:36:41Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2021-32801 Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KB2IJ2VSI6P5WFS6XKMPAPGT6545U4WN/ E-Mail link for openSUSE-SU-2021:1250-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/5PSLXDEBLEPENTY4PS62BFVL7QHFQ2RC/ E-Mail link for openSUSE-SU-2021:1252-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/KTAQAEILOXFUPY3SZFAMY4NQGD5OXQX3/ E-Mail link for openSUSE-SU-2021:1253-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/FGLFYZROCOIJAG7C45FNC4EUIMNFJRIL/ E-Mail link for openSUSE-SU-2021:1255-1 https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4MPG3PDTQCC4GNWH7SOI44CK2TZJDN5R/ E-Mail link for openSUSE-SU-2021:1275-1 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Package Hub 12 SUSE Package Hub 15 SP1 SUSE Package Hub 15 SP2 SUSE Package Hub 15 SP3 openSUSE Leap 15.2 openSUSE Leap 15.3 nextcloud-20.0.12-31.1 nextcloud-20.0.12-bp151.3.18.1 nextcloud-20.0.12-bp152.2.12.1 nextcloud-20.0.12-bp153.2.6.1 nextcloud-20.0.12-lp152.3.12.1 nextcloud-apache-20.0.12-31.1 nextcloud-apache-20.0.12-bp151.3.18.1 nextcloud-apache-20.0.12-bp152.2.12.1 nextcloud-apache-20.0.12-bp153.2.6.1 nextcloud-apache-20.0.12-lp152.3.12.1 nextcloud-20.0.12-31.1 as a component of SUSE Package Hub 12 nextcloud-apache-20.0.12-31.1 as a component of SUSE Package Hub 12 nextcloud-20.0.12-bp151.3.18.1 as a component of SUSE Package Hub 15 SP1 nextcloud-apache-20.0.12-bp151.3.18.1 as a component of SUSE Package Hub 15 SP1 nextcloud-20.0.12-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 nextcloud-apache-20.0.12-bp152.2.12.1 as a component of SUSE Package Hub 15 SP2 nextcloud-20.0.12-bp153.2.6.1 as a component of SUSE Package Hub 15 SP3 nextcloud-apache-20.0.12-bp153.2.6.1 as a component of SUSE Package Hub 15 SP3 nextcloud-20.0.12-lp152.3.12.1 as a component of openSUSE Leap 15.2 nextcloud-apache-20.0.12-lp152.3.12.1 as a component of openSUSE Leap 15.2 nextcloud-20.0.12-bp153.2.6.1 as a component of openSUSE Leap 15.3 nextcloud-apache-20.0.12-bp153.2.6.1 as a component of openSUSE Leap 15.3 Nextcloud server is an open source, self hosted personal cloud. In affected versions logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed Note that ff you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug. CVE-2021-32801 SUSE Package Hub 12:nextcloud-20.0.12-31.1 SUSE Package Hub 12:nextcloud-apache-20.0.12-31.1 SUSE Package Hub 15 SP1:nextcloud-20.0.12-bp151.3.18.1 SUSE Package Hub 15 SP1:nextcloud-apache-20.0.12-bp151.3.18.1 SUSE Package Hub 15 SP2:nextcloud-20.0.12-bp152.2.12.1 SUSE Package Hub 15 SP2:nextcloud-apache-20.0.12-bp152.2.12.1 SUSE Package Hub 15 SP3:nextcloud-20.0.12-bp153.2.6.1 SUSE Package Hub 15 SP3:nextcloud-apache-20.0.12-bp153.2.6.1 openSUSE Leap 15.2:nextcloud-20.0.12-lp152.3.12.1 openSUSE Leap 15.2:nextcloud-apache-20.0.12-lp152.3.12.1 openSUSE Leap 15.3:nextcloud-20.0.12-bp153.2.6.1 openSUSE Leap 15.3:nextcloud-apache-20.0.12-bp153.2.6.1 critical 2.1 AV:L/AC:L/Au:N/C:P/I:N/A:N 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N