Vulnerability DatabaseCVE-2021-32678

CVE-2021-32678:
Linux Fedora vulnerability analysis and mitigation

Overview

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (OCSController) using the @BruteForceProtection annotation (GitHub Advisory).

Technical details

The vulnerability stems from the BaseResponse converter not taking over any throttling state from the DataResponse, which affects OCS API responses. The issue impacts any OCS API controller using the @BruteForceProtection annotation. The vulnerability has been assigned a CVSS v3.1 base score of 5.3 MEDIUM (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N) (NVD).

Impact

The risk depends on the installed applications on the Nextcloud Server, with potential impacts ranging from bypassing authentication ratelimits to enabling spam attacks against other Nextcloud users (GitHub Advisory).

Mitigation and workarounds

The vulnerability has been patched in Nextcloud Server versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist (GitHub Advisory).

Additional resources

Source: This report was generated using AI

Related Linux Fedora vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-66287	HIGH	8.8	Alma Linux	webkit2gtk3-jsc	No	Yes	Dec 04, 2025
CVE-2025-12744	HIGH	8.8	Linux Fedora	abrt-python	No	Yes	Dec 03, 2025
CVE-2025-13601	HIGH	7.7	CBL Mariner	glib2	No	Yes	Nov 26, 2025
CVE-2025-13947	HIGH	7.4	Alma Linux	javascriptcoregtk4.1	No	Yes	Dec 03, 2025
CVE-2025-63938	MEDIUM	6.5	Linux Debian	tinyproxy-debuginfo	No	Yes	Nov 26, 2025