CVE-2021-37628

7.5 HIGH

📋 TL;DR

This vulnerability in Nextcloud Richdocuments allows attackers to bypass the 'Upload Only' restriction on file drop shares and read arbitrary files from public link shares. It affects Nextcloud instances running a vulnerable version of the Richdocuments app. Organizations using Nextcloud for collaborative document editing are impacted.

💻 Affected Systems

Products:
  • Nextcloud Richdocuments
Versions: Versions before 3.8.4 and 4.2.1
Operating Systems: All platforms running Nextcloud
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects instances with Richdocuments app enabled and using 'Upload Only' public link shares

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Unauthenticated attackers could access sensitive files shared via 'Upload Only' links, potentially exposing confidential documents, personal data, or internal information.

🟠 Likely Case

Attackers with knowledge of public share links could read files they shouldn't have access to, violating the intended 'upload only' restriction.

🟢 If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized file reads from specific share links rather than full system compromise.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires knowledge of the public share URL but no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.8.4 or 4.2.1

Vendor Advisory: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-pxhh-954f-8w7w

Restart Required: No

Instructions:

1. Update the Nextcloud Richdocuments app via the Nextcloud admin interface or the command line.
2. For the command line: sudo -u www-data php occ app:update richdocuments
3. Verify that the update completed successfully.

🔧 Temporary Workarounds

Disable Richdocuments App

Platform: Linux

Temporarily disable the vulnerable Richdocuments application:

sudo -u www-data php occ app:disable richdocuments

🧯 If You Can't Patch

  • Disable all 'Upload Only' public link shares in Nextcloud settings
  • Monitor access logs for unusual file access patterns from Richdocuments endpoints

🔍 How to Verify

Check if Vulnerable:

Check the Richdocuments app version in the Nextcloud admin interface under Apps > Office & Text.

Check Version:

sudo -u www-data php occ app:list | grep richdocuments

Verify Fix Applied:

Verify that the Richdocuments version is 3.8.4 or higher (for the v3 branch) or 4.2.1 or higher (for the v4 branch).

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns via Richdocuments endpoints
  • Multiple failed access attempts to 'Upload Only' shares

Network Indicators:

  • HTTP requests to Richdocuments endpoints with file read operations on public shares

SIEM Query:

source="nextcloud.log" AND ("richdocuments" OR "Upload Only") AND ("GET" OR "read") AND NOT "upload"
