CVE-2023-45148

Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*

History

20 Oct 2023, 12:19

Type Values Removed Values Added
First Time Nextcloud
Nextcloud nextcloud Server
CPE cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:*
cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*
CVSS v2 : unknown
v3 : unknown
v2 : unknown
v3 : 4.3
References (MISC) https://github.com/nextcloud/server/pull/40293 - (MISC) https://github.com/nextcloud/server/pull/40293 - Issue Tracking, Patch
References (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63 - (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63 - Vendor Advisory
References (MISC) https://hackerone.com/reports/2110945 - (MISC) https://hackerone.com/reports/2110945 - Permissions Required

16 Oct 2023, 19:24

Type Values Removed Values Added
New CVE

Information

Published : 2023-10-16 19:15

Updated : 2024-02-28 20:33


NVD link : CVE-2023-45148

Mitre link : CVE-2023-45148

CVE.ORG link : CVE-2023-45148


JSON object : View

Products Affected

nextcloud

  • nextcloud_server
CWE
CWE-307

Improper Restriction of Excessive Authentication Attempts