Описание
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available.
Ссылки
- Vendor Advisory
- Issue TrackingPatch
- Permissions RequiredThird Party Advisory
- Vendor Advisory
- Issue TrackingPatch
- Permissions RequiredThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия до 23.0.12 (исключая)Версия от 24.0.0 (включая) до 24.0.8 (исключая)
Одно из
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:25.0.0:*:*:*:*:*:*:*
EPSS
Процентиль: 25%
0.00083
Низкий
3.7 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo
Связанные уязвимости
CVSS3: 3.7
debian
больше 2 лет назад
Nextcloud Server is the file server software for Nextcloud, a self-hos ...
EPSS
Процентиль: 25%
0.00083
Низкий
3.7 Low
CVSS3
5.3 Medium
CVSS3
Дефекты
CWE-284
NVD-CWE-noinfo