vulnerability
Arch Linux: Information disclosure (CVE-2021-32734)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:P/I:N/A:N) | Jul 12, 2021 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:P/I:N/A:N)
Published
Jul 12, 2021
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
In Nextcloud Server versions prior to 21.0.3, the Nextcloud Text application shipped with Nextcloud Server returned verbatim exception messages to the user. This could result in a full path disclosure on shared files. As a workaround, one may disable the Nextcloud Text application in Nextcloud Server app settings.
Solution
arch-linux-upgrade-latest
References
- CVE-2021-32734
- https://attackerkb.com/topics/CVE-2021-32734
- URL-https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6hf5-c2c4-2526
- URL-https://github.com/nextcloud/text/pull/1695
- URL-https://hackerone.com/reports/1246721
- URL-https://security.archlinux.org/ASA-202107-22
- URL-https://security.gentoo.org/glsa/202208-17
- CWE-209
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.