
CVE-2021-32801: Exceptions may have logged Encryption-at-Rest key content

Nextcloud server is an open source, self-hosted personal cloud. In affected versions, logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. If upgrading is not an option, users are advised to disable system logging to resolve this issue until such time that an upgrade can be performed. Note that if you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.

CVE

Impact

Logging of exceptions may have resulted in logging potentially sensitive key material for the Nextcloud Encryption-at-Rest functionality.

Patches

It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0.

Workarounds

Disable logging.

Note: If you do not use the Encryption-at-Rest functionality of Nextcloud you are not affected by this bug.

References

  • HackerOne
  • Pull Request

For more information

If you have any questions or comments about this advisory:

  • Create a post in nextcloud/security-advisories
  • Customers: Open a support ticket at support.nextcloud.com

Related news

Gentoo Linux Security Advisory 202208-17

Gentoo Linux Security Advisory 202208-17 - Multiple vulnerabilities have been found in Nextcloud, the worst of which could result in denial of service. Versions less than 23.0.4 are affected.
