Описание
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.
Ссылки
- Patch
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
- Patch
- PatchVendor Advisory
- Issue TrackingThird Party Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 1.1.0 (включая) до 1.4.1 (исключая)Версия от 2.0.0 (включая) до 2.1.2 (исключая)Версия от 2.2.0 (включая) до 2.3.4 (исключая)Версия от 2.4.0 (включая) до 2.4.5 (исключая)
Одно из
cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*
cpe:2.3:a:nextcloud:global_site_selector:*:*:*:*:*:*:*:*
EPSS
Процентиль: 78%
0.01151
Низкий
9.6 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-306
EPSS
Процентиль: 78%
0.01151
Низкий
9.6 Critical
CVSS3
9.8 Critical
CVSS3
Дефекты
CWE-306