Home > Vulnerability Database > CVE-2021-41233

Mend.io Vulnerability Database

CVE-2021-41233

Good to know:

Date: March 10, 2022

Nextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of "File Drop". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.

Language: PHP

Severity Score

5.3

Related Resources (4)

Url: https://github.com/nextcloud/text/pull/1884

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41233

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-26c8-35cm-xq9m

Url: https://www.mend.io/vulnerability-database/CVE-2021-41233

Severity Score

5.3

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version v20.0.14, v21.0.6 , v22.2.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE

CVSS v2

Base Score:	4.3
Access Vector (AV):	NETWORK
Access Complexity (AC):	MEDIUM
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41233

Good to know:

Date: March 10, 2022

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

CVSS v2

Do you need more information?