Home > Vulnerability Database > CVE-2021-41239

Mend.io Vulnerability Database

CVE-2021-41239

Good to know:

Date: March 8, 2022

Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds.

Language: PHP

Severity Score

7.5

Related Resources (6)

Url: https://security.gentoo.org/glsa/202208-17

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g722-cm3h-8wrx

Url: https://github.com/nextcloud/server/issues/27122

Url: https://nvd.nist.gov/vuln/detail/CVE-2021-41239

Url: https://github.com/nextcloud/server/pull/29260

Url: https://www.mend.io/vulnerability-database/CVE-2021-41239

Severity Score

7.5

Weakness Type (CWE)

Information Leak / Disclosure

CWE-200

Top Fix

Upgrade Version

Upgrade to version v20.0.14;v21.0.6;v22.2.1

Learn More

CVSS v3

Base Score:	7.5
Attack Vector (AV):
Attack Complexity (AC):
Privileges Required (PR):
User Interaction (UI):
Scope (S):
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL

CVSS v2

Base Score:	5.3
Access Vector (AV):
Access Complexity (AC):
Authentication (AU):
Confidentiality (C):	LOW
Integrity (I):	NONE
Availability (A):	NONE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2021-41239

Good to know:

Date: March 8, 2022

Language: PHP

Severity Score

Related Resources (6)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3

CVSS v2

Do you need more information?