Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.
References
| Link | Resource |
|---|---|
| https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63 | Vendor Advisory |
| https://github.com/nextcloud/server/pull/40293 | Issue Tracking Patch |
| https://hackerone.com/reports/2110945 | Permissions Required |
Configurations
Configuration 1 (hide)
|
History
20 Oct 2023, 12:19
| Type | Values Removed | Values Added |
|---|---|---|
| First Time |
Nextcloud
Nextcloud nextcloud Server |
|
| References | (MISC) https://github.com/nextcloud/server/pull/40293 - Issue Tracking, Patch | |
| References | (MISC) https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63 - Vendor Advisory | |
| References | (MISC) https://hackerone.com/reports/2110945 - Permissions Required | |
| CPE | cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:-:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:27.0.0:*:*:*:enterprise:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:-:*:*:* cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:* |
|
| CVSS |
v2 : v3 : |
v2 : unknown
v3 : 4.3 |
16 Oct 2023, 19:24
| Type | Values Removed | Values Added |
|---|---|---|
| New CVE |
Information
Published : 2023-10-16 19:15
Updated : 2024-02-28 20:33
NVD link : CVE-2023-45148
Mitre link : CVE-2023-45148
CVE.ORG link : CVE-2023-45148
JSON object : View
Products Affected
nextcloud
- nextcloud_server
CWE
CWE-307
Improper Restriction of Excessive Authentication Attempts