CVE-2023-39960

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.0.9 and 26.0.4, as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4, missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.
Configurations

Configuration 1

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

History

21 Nov 2024, 08:16

Type Values Removed Values Added
References () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9 - Vendor Advisory () https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9 - Vendor Advisory
References () https://github.com/nextcloud/server/pull/38046 - Issue Tracking, Patch () https://github.com/nextcloud/server/pull/38046 - Issue Tracking, Patch
References () https://hackerone.com/reports/1924212 - Third Party Advisory () https://hackerone.com/reports/1924212 - Third Party Advisory
CVSS Removed: v2 : unknown, v3 : 7.5; Added: v2 : unknown, v3 : 5.0

18 Oct 2023, 19:45

Type Values Removed Values Added
First Time Nextcloud
Nextcloud nextcloud Server
References (MISC) https://hackerone.com/reports/1924212 - (MISC) https://hackerone.com/reports/1924212 - Third Party Advisory
References (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9 - (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9 - Vendor Advisory
References (MISC) https://github.com/nextcloud/server/pull/38046 - (MISC) https://github.com/nextcloud/server/pull/38046 - Issue Tracking, Patch
CPE cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
CVSS Removed: v2 : unknown, v3 : unknown; Added: v2 : unknown, v3 : 7.5

13 Oct 2023, 13:46

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-13 13:15

Updated : 2024-11-21 08:16


NVD link : CVE-2023-39960

Mitre link : CVE-2023-39960

CVE.ORG link : CVE-2023-39960



Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts