PT-2023-23726 · Nextcloud+1 · Nextcloud Server+1

Hackitbharat

Publicado

2023-03-27

Atualizado

2023-12-07

CVE-2023-32319

CVSS v3.1

8.1

Alta

Vetor

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions Nextcloud server versions 24.0.0 through 24.0.10 Nextcloud server versions 25.0.0 through 25.0.4 Nextcloud server versions prior to 26.0.0

Description The issue is related to missing brute-force protection on the WebDAV endpoints via the basic auth header, allowing brute-forcing of user credentials when the provided user name was not an email address.

Recommendations For Nextcloud server versions 24.0.0 through 24.0.10, upgrade to version 24.0.11 or later. For Nextcloud server versions 25.0.0 through 25.0.4, upgrade to version 25.0.5 or later. For Nextcloud server versions prior to 26.0.0, upgrade to version 26.0.0 or later.

Exploit

Correção

Improper Restriction of Excessive Authentication Attempts

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-307

Identificadores relacionados

ALT-PU-2023-1517

ALT-PU-2023-1547

ALT-PU-2023-7785

CVE-2023-32319

GHSA-MR7Q-XF62-FW54

Produtos afetados

Alt Linux

Nextcloud Server

PT-2023-23726 · Nextcloud+1 · Nextcloud Server+1

CVE-2023-32319

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 7