CVE-2021-32726: 
Linux openSUSE vulnerability analysis and mitigation

Nextcloud Server, a package that handles data storage, was found to have a security vulnerability where webauthn tokens were not properly deleted after a user deletion. This vulnerability, identified as CVE-2021-32726, affected versions prior to 19.0.13, 20.011, and 21.0.3. The issue was discovered and disclosed in mid-2021, with fixes released in versions 19.0.13, 20.0.11, and 21.0.3 (GitHub Advisory, CVE Mitre).

The vulnerability stems from a failure in the cleanup process where webauthn tokens remained in the system after user deletion. This implementation flaw was tracked as CWE-708. The issue was addressed by adding a listener on user deletion to properly clean up the webauthn table (GitHub PR). The vulnerability received a High severity rating due to its potential impact on account security (GitHub Advisory).

If exploited, this vulnerability could allow a previous user to gain unauthorized access to a new user's account if the new user happened to register with a username that was previously used. This security flaw potentially compromised account security and authentication integrity (GitHub Advisory).

No workarounds were available for this vulnerability. The only recommended solution was to upgrade Nextcloud Server to versions 19.0.13, 20.0.11, or 21.0.3, which contained the necessary security fixes (GitHub Advisory).