Описание
Nextcloud server is an open source, self hosted personal cloud. In affected versions an attacker is able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account. It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0. There are no workaround for this vulnerability.
Ссылки
- Third Party Advisory
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- Permissions RequiredThird Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 20.0.12 (исключая)Версия от 21.0.0 (включая) до 21.0.4 (исключая)Версия от 22.0.0 (включая) до 22.1.0 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
EPSS
Процентиль: 26%
0.00086
Низкий
8.1 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-306
CWE-306
Связанные уязвимости
CVSS3: 8.1
debian
почти 4 года назад
Nextcloud server is an open source, self hosted personal cloud. In aff ...
EPSS
Процентиль: 26%
0.00086
Низкий
8.1 High
CVSS3
6.4 Medium
CVSS2
Дефекты
CWE-306
CWE-306