nextcloud nextcloud_server 不充分的日志记录

admin

0
文章

0
评论

2023-12-01 13:45:05 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 nextcloud nextcloud_server 不充分的日志记录

CVE编号

CVE-2021-32680

利用情况

暂无

补丁情况

官方补丁

披露时间

2021-07-12

漏洞描述

Nextcloud Server is a Nextcloud package that handles data storage. In versions priot to 19.0.13, 20.0.11, and 21.0.3, Nextcloud Server audit logging functionality wasn't properly logging events for the unsetting of a share expiration date. This event is supposed to be logged. This issue is patched in versions 19.0.13, 20.0.11, and 21.0.3.

解决建议

建议您更新当前系统或软件至最新版，完成漏洞的修复。

参考链接
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fxp...
https://github.com/nextcloud/server/pull/27024
https://hackerone.com/reports/1200810
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202208-17

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	nextcloud	nextcloud_server	*		Up to (excluding) 19.0.13
	运行在以下环境
	应用	nextcloud	nextcloud_server	*	From (including) 20.0.0	Up to (excluding) 20.0.11
	运行在以下环境
	应用	nextcloud	nextcloud_server	*	From (including) 21.0.0	Up to (excluding) 21.0.3
	运行在以下环境
	系统	fedora_33	nextcloud	*		Up to (excluding) 19.0.13-1.fc33
	运行在以下环境
	系统	fedora_33_Modular	nextcloud	*		Up to (excluding) nextcloud_21-3320210712182939.601d93de
	运行在以下环境
	系统	fedora_34	nextcloud	*		Up to (excluding) 20.0.11-1.fc34
	运行在以下环境
	系统	fedora_34_Modular	nextcloud	*		Up to (excluding) nextcloud_20-3420210712182853.058368ca
	运行在以下环境
	系统	fedora_Epel_8_Modular	nextcloud	*		Up to (excluding) nextcloud_21-820210712182939.9edba152
	运行在以下环境
	系统	opensuse_Leap_15.2	nextcloud-apache	*		Up to (excluding) 20.0.11-bp153.2.3.1
	运行在以下环境
	系统	opensuse_Leap_15.3	nextcloud-apache	*		Up to (excluding) 20.0.11-bp153.2.3.1