PT-2023-29439 · Nextcloud · Nextcloud Talk

Nickvergessen · Published 2023-10-16 · Updated 2023-10-20 · CVE-2023-45149

CVSS v3.1: 4.3 (Medium)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Nextcloud Talk versions prior to 15.0.8
Nextcloud Talk versions prior to 16.0.6
Nextcloud Talk versions prior to 17.1.1

Description

The issue concerns the brute force protection of public talk conversation passwords in Nextcloud Talk, a chat module for the Nextcloud server platform. In affected versions, this protection can be bypassed due to an endpoint validating the conversation password without registering brute force attempts.

Recommendations

For versions prior to 15.0.8, upgrade to version 15.0.8.
For versions prior to 16.0.6, upgrade to version 16.0.6.
For versions prior to 17.1.1, upgrade to version 17.1.1.


Weakness Enumeration

Improper Restriction of Excessive Authentication Attempts

Related identifiers

CVE-2023-45149
GHSA-7RF8-PQMJ-RPQV

Affected products

Nextcloud Talk