PT-2023-22004 · Nextcloud+1 · Nextcloud Enterprise Server+2
Hackitbharat
·
Publicado
2023-03-27
·
Atualizado
2023-05-04
·
CVE-2023-28847
CVSS v3.1
3.1
Baixa
| Vetor | AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Nextcloud Server versions 24.0.0 through 24.0.10
Nextcloud Server versions 25.0.0 through 25.0.4
Nextcloud Server Enterprise versions 23.0.0 through 23.0.12.5
Nextcloud Server Enterprise versions 24.0.0 through 24.0.10
Nextcloud Server Enterprise versions 25.0.0 through 25.0.4
Description
The issue allows an attacker to brute force passwords of share links without restriction. This is possible because the attacker is not restricted in verifying passwords of share links.
Recommendations
For Nextcloud Server versions 24.0.0 through 24.0.10, update to version 24.0.11 or later.
For Nextcloud Server versions 25.0.0 through 25.0.4, update to version 25.0.5 or later.
For Nextcloud Server Enterprise versions 23.0.0 through 23.0.12.5, update to version 23.0.12.6 or later.
For Nextcloud Server Enterprise versions 24.0.0 through 24.0.10, update to version 24.0.11 or later.
For Nextcloud Server Enterprise versions 25.0.0 through 25.0.4, update to version 25.0.5 or later.
Exploit
Correção
Improper Restriction of Excessive Authentication Attempts
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Nextcloud Server
Nextcloud Enterprise Server