PT-2023-2378 · Nextcloud+2 · Nextcloud+2
Aditya404
·
Publicado
2023-01-23
·
Atualizado
2023-04-13
·
CVE-2023-25816
CVSS v2.0
6.8
Média
| Vetor | AV:N/AC:L/Au:S/C:N/I:N/A:C |
Name of the Vulnerable Software and Affected Versions
Nextcloud versions 25.0.0 through 25.0.2
Description
The issue is related to Uncontrolled Resource Consumption in Nextcloud, an Open Source private cloud software. A user can configure a very long password, which consumes more resources on password validation than desired, potentially leading to a denial of service. This can be exploited by a remote attacker.
Recommendations
For versions 25.0.0 through 25.0.2, update to version 25.0.3 to resolve the issue.
As a temporary workaround is not available, ensuring timely updates is crucial.
Exploit
Correção
Resource Exhaustion
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Alt Linux
Nextcloud
Red Os