Vulnerability DatabaseCVE-2021-32705

CVE-2021-32705:
Linux Fedora vulnerability analysis and mitigation

Overview

Nextcloud Server, a data storage package, was found to have a vulnerability in versions prior to 19.0.13, 20.011, and 21.0.3 due to a lack of ratelimiting on the public DAV endpoint. The vulnerability was discovered and disclosed in July 2021 (GitHub Advisory).

Technical details

The vulnerability stems from missing rate limiting controls on the public WebDAV endpoint, which could allow attackers to perform unlimited authentication attempts. This security flaw is tracked as CVE-2021-32705 with a CVSS v3.1 base score of 7.5 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N). The issue is classified under CWE-307 (Improper Restriction of Excessive Authentication Attempts) and CWE-799 (Improper Control of Interaction Frequency) (NVD).

Impact

The vulnerability could allow an attacker to enumerate potentially valid share tokens or credentials through unlimited authentication attempts against the public DAV endpoint (GitHub Advisory).

Mitigation and workarounds

The vulnerability was patched in Nextcloud Server versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds, and users are strongly recommended to upgrade to the patched versions (GitHub Advisory).

Additional resources

Source: This report was generated using AI

Related Linux Fedora vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-13601	HIGH	7.7	Linux Debian	glib2-tests-debuginfo	No	Yes	Nov 26, 2025
CVE-2025-13502	HIGH	7.5	Linux Debian	webkit2gtk3-jsc-devel	No	Yes	Nov 25, 2025
CVE-2025-64761	HIGH	7.5	Wolfi	openbao	No	Yes	Nov 25, 2025
CVE-2025-65018	HIGH	7.1	NixOS	firefox-x11	No	Yes	Nov 25, 2025
CVE-2025-64720	HIGH	7.1	NixOS	java-25-openjdk-src-fastdebug	No	Yes	Nov 25, 2025