{
  "vulnerability": "cve-2021-4123",
  "sightings": [
    {
      "uuid": "024c168c-4fc1-41e7-be07-e43d5299ae2a",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41239",
      "type": "published-proof-of-concept",
      "source": "https://t.me/DarkWebInformer_CVEAlerts/13126",
      "content": "\ud83d\udd17 DarkWebInformer.com - Cyber Threat Intelligence\n\ud83d\udccc CVE ID: CVE-2021-41239\n\ud83d\udd25 CVSS Score: 5.3 (cvssV3_1, Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)\n\ud83d\udd39 Description: Nextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds.\n\ud83d\udccf Published: 2022-03-08T18:05:12.000Z\n\ud83d\udccf Modified: 2025-04-23T18:58:33.406Z\n\ud83d\udd17 References:\n1. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-g722-cm3h-8wrx\n2. https://github.com/nextcloud/server/issues/27122\n3. https://github.com/nextcloud/server/pull/29260\n4. https://security.gentoo.org/glsa/202208-17",
      "creation_timestamp": "2025-04-23T19:05:26.000000Z"
    },
    {
      "uuid": "be46b302-af4f-4fa4-9c7b-089cd45b93f9",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41233",
      "type": "seen",
      "source": "https://t.me/cibsecurity/38746",
      "content": "\u203c CVE-2021-41233 \u203c\n\nNextcloud text is a collaborative document editing using Markdown built for the nextcloud server. Due to an issue with the Nextcloud Text application, which is by default shipped with Nextcloud Server, an attacker is able to access the folder names of \"File Drop\". For successful exploitation an attacker requires knowledge of the sharing link. It is recommended that users upgrade their Nextcloud Server to 20.0.14, 21.0.6 or 22.2.1. Users unable to upgrade should disable the Nextcloud Text application in the application settings.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-03-11T00:13:08.000000Z"
    },
    {
      "uuid": "ff06e63e-2bec-4bee-b7ce-de26a3159c61",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41230",
      "type": "seen",
      "source": "https://t.me/cibsecurity/31921",
      "content": "\u203c CVE-2021-41230 \u203c\n\nPomerium is an open source identity-aware access proxy. In affected versions changes to the OIDC claims of a user after initial login are not reflected in policy evaluation when using `allowed_idp_claims` as part of policy. If using `allowed_idp_claims` and a user's claims are changed, Pomerium can make incorrect authorization decisions. This issue has been resolved in v0.15.6. For users unable to upgrade clear data on `databroker` service by clearing redis or restarting the in-memory databroker to force claims to be updated.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2021-11-06T01:26:13.000000Z"
    },
    {
      "uuid": "e7299dc0-6a68-4173-b3d9-d8d8cf2daddf",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41236",
      "type": "seen",
      "source": "https://t.me/cibsecurity/34951",
      "content": "\u203c CVE-2021-41236 \u203c\n\nOroPlatform is a PHP Business Application Platform. In affected versions the email template preview is vulnerable to XSS payload added to email template content. An attacker must have permission to create or edit an email template. For successful payload, execution the attacked user must preview a vulnerable email template. There are no workarounds that address this vulnerability. Users are advised to upgrade as soon as is possible.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-01-04T22:38:23.000000Z"
    },
    {
      "uuid": "c90e41f7-984a-415c-8a20-80dcef7c4e67",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41231",
      "type": "seen",
      "source": "https://t.me/cibsecurity/57110",
      "content": "\u203c CVE-2021-41231 \u203c\n\nOpenMage LTS is an e-commerce platform. Prior to versions 19.4.22 and 20.0.19, an administrator with the permissions to upload files via DataFlow and to create products was able to execute arbitrary code via the convert profile. Versions 19.4.22 and 20.0.19 contain a patch for this issue.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2023-01-27T22:34:43.000000Z"
    },
    {
      "uuid": "1d8dabad-f645-4e86-bae5-9ad7ffd672ff",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41239",
      "type": "seen",
      "source": "https://t.me/cibsecurity/38542",
      "content": "\u203c CVE-2021-41239 \u203c\n\nNextcloud server is a self hosted system designed to provide cloud style services. In affected versions the User Status API did not consider the user enumeration settings by the administrator. This allowed a user to enumerate other users on the instance, even when user listings where disabled. It is recommended that the Nextcloud Server is upgraded to 20.0.14, 21.0.6 or 22.2.1. There are no known workarounds.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2022-03-08T20:40:50.000000Z"
    },
    {
      "uuid": "d5fbf2b9-3a20-4fd7-a159-64eed45f1ed9",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-4123",
      "type": "seen",
      "source": "https://t.me/cibsecurity/34133",
      "content": "\u203c CVE-2021-4123 \u203c\n\nlivehelperchat is vulnerable to Cross-Site Request Forgery (CSRF)\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2021-12-16T12:37:09.000000Z"
    },
    {
      "uuid": "f74d8697-d0ef-464a-82ad-b33eeae068f7",
      "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd",
      "author": "2a075640-a300-48a4-bb44-bc6130783b9b",
      "vulnerability": "CVE-2021-41238",
      "type": "seen",
      "source": "https://t.me/cibsecurity/31627",
      "content": "\u203c CVE-2021-41238 \u203c\n\nHangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no custom authorization filters specified, `LocalRequestsOnlyAuthorizationFilter` filter is being used to allow only local requests and prohibit all the remote requests to provide sensible, protected by default settings. However due to the recent changes, in version 1.7.25 no authorization filters are used by default, allowing remote requests to succeed. If you are using `UseHangfireDashboard` method with default `DashboardOptions.Authorization` property value, then your installation is impacted. If any other authorization filter is specified in the `DashboardOptions.Authorization` property, the you are not impacted. Patched versions (1.7.26) are available both on Nuget.org and as a tagged release on the github repo. Default authorization rules now prohibit remote requests by default again by including the `LocalRequestsOnlyAuthorizationFilter` filter to the default settings. Please upgrade to the newest version in order to mitigate the issue. For users who are unable to upgrade it is possible to mitigate the issue by using the `LocalRequestsOnlyAuthorizationFilter` explicitly when configuring the Dashboard UI.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".",
      "creation_timestamp": "2021-11-02T21:23:14.000000Z"
    }
  ]
}