Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Nextcloud global site selector authentication bypass
Vulnerability Description
Nextcloud Global Site Selector is a tool which allows you to run multiple small Nextcloud instances and redirect users to the right server. A problem in the password verification method allows an attacker to authenticate as another user. It is recommended that the Nextcloud Global Site Selector is upgraded to version 1.4.1, 2.1.2, 2.3.4 or 2.4.5. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
关键功能的认证机制缺失
Vulnerability Title
Nextcloud 访问控制错误漏洞
Vulnerability Description
Nextcloud是德国Nextcloud公司的一套开源的自托管文件同步和共享的通信应用平台。 Nextcloud Global Site Selector存在访问控制错误漏洞,该漏洞源于密码验证方法中存在安全漏洞,允许攻击者以其他用户身份进行身份验证。受影响的产品和版本:Nextcloud Global Site Selector 1.1.0及更高版本, 2.0.0及更高版本, 2.1.0及更高版本,2.2.0及更高版本,2.3.0及更高版本,2.4.0及更高版本。
CVSS Information
N/A
Vulnerability Type
N/A