CVE-2023-28847

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28847
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-28847.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-28847
Aliases
  • GHSA-r5wf-xj97-3w7w
Published
2023-04-25T17:15:08Z
Modified
2024-06-06T14:27:53.755017Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available.

References

Affected packages

Git / github.com/nextcloud/server

Affected ranges

Type
GIT
Repo
https://github.com/nextcloud/server
Events

Affected versions

v25.*

v25.0.0
v25.0.1
v25.0.1rc1
v25.0.2
v25.0.2rc1
v25.0.2rc2
v25.0.2rc3
v25.0.3
v25.0.3rc1
v25.0.3rc2
v25.0.4
v25.0.4rc1
v25.0.5rc1