{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "2D82D1BA-6E5D-41E7-AE7B-C8A0AA82A274",
              "versionEndExcluding": "3.8.3",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:nextcloud:richdocuments:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "D6E701C3-AC42-49BA-8376-937788A3FDB7",
              "versionEndExcluding": "4.2.0",
              "versionStartIncluding": "4.0.0",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "descriptions": [
    {
      "lang": "en",
      "value": "Nextcloud Richdocuments in an open source self hosted online office. Nextcloud uses the WOPI (\"Web Application Open Platform Interface\") protocol to communicate with the Collabora Editor, the communication between these two services was not protected by a credentials or IP check. Whilst this does not result in gaining access to data that the user has not yet access to, it can result in a bypass of any enforced watermark on documents as described on the [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) website and [our documentation](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). The Nextcloud Richdocuments releases 3.8.3 and 4.2.0 add an additional admin settings for an allowlist of IP addresses that can access the WOPI API. We recommend upgrading and configuring the allowlist to a list of Collabora servers. There is no known workaround. Note that this primarily results a bypass of any configured watermark or download protection using File Access Control. If you do not require or rely on these as a security feature no immediate action is required on your end."
    },
    {
      "lang": "es",
      "value": "Nextcloud Richdocuments en una oficina online de c\u00f3digo abierto auto alojada. Nextcloud utiliza el protocolo WOPI (\"Web Application Open Platform Interface\") para comunicarse con el Editor Collabora, la comunicaci\u00f3n entre estos dos servicios no estaba protegida por una comprobaci\u00f3n de credenciales o IP. Si bien esto no da lugar a que se acceda a datos a los que el usuario a\u00fan no tiene acceso, s\u00ed puede dar lugar a que se eluda cualquier marca de agua impuesta en los documentos, tal y como se describe en el sitio web de [Nextcloud Virtual Data Room](https://nextcloud.com/virtual-data-room/) y en [nuestra documentaci\u00f3n](https://portal.nextcloud.com/article/nextcloud-and-virtual-data-room-configuration-59.html). Las versiones 3.8.3 y 4.2.0 de Nextcloud Richdocuments a\u00f1aden una configuraci\u00f3n administrativa adicional para una lista de direcciones IP que pueden acceder a la API WOPI. Se recomienda actualizar y configurar la lista de direcciones permitidas a una lista de servidores Collabora. No hay ninguna soluci\u00f3n conocida. Tenga en cuenta que esto resulta principalmente en una derivaci\u00f3n de cualquier marca de agua configurada o protecci\u00f3n de descarga utilizando el Control de Acceso a Archivos. Si usted no requiere o depende de estas caracter\u00edsticas de seguridad, no se requiere ninguna acci\u00f3n inmediata por su parte"
    }
  ],
  "id": "CVE-2021-32748",
  "lastModified": "2024-11-21T06:07:39.843",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "SINGLE",
          "availabilityImpact": "NONE",
          "baseScore": 4.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:S/C:N/I:P/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "LOW",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 2.8,
        "impactScore": 1.4,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-07-27T21:15:07.430",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": ["Third Party Advisory"],
      "url": "https://github.com/nextcloud/richdocuments/pull/1640"
    },
    {
      "source": "security-advisories@github.com",
      "tags": ["Third Party Advisory"],
      "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24x8-h6m2-9jf2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": ["Permissions Required"],
      "url": "https://hackerone.com/reports/1194606"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": ["Third Party Advisory"],
      "url": "https://github.com/nextcloud/richdocuments/pull/1640"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": ["Third Party Advisory"],
      "url": "https://github.com/nextcloud/security-advisories/security/advisories/GHSA-24x8-h6m2-9jf2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": ["Permissions Required"],
      "url": "https://hackerone.com/reports/1194606"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [{"lang": "en", "value": "CWE-862"}],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [{"lang": "en", "value": "CWE-862"}],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}