Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud Server's brute force protection allows someone to send more requests than intended
Vulnerability Description
Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:N
Vulnerability Type
过多认证尝试的限制不恰当
Vulnerability Title
Nextcloud 安全漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Server 25.0.7 、 26.0.2 版本, Nextcloud Enterprise Server 21.0.9.12、22.2.10.12、 23.0.12.7、24.0.12.2、25.0.7 和 26.0.2 版本存在安全漏洞,该漏洞源于当并行发送多个请求时,即使在响应发送到客户端时,错误请求的数量已超过限制,所有请求都会被执行。
CVSS Information
N/A
Vulnerability Type
N/A