HIGH🇬🇧 English

CVE-2021-41177

CVSS 8.1v3.1pub. 2021-10-25upd. 2024-11-21

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.

oryginał EN
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
  • Nextcloud Server

    APP
    Nextcloud
    < 20.0.1321.0.0 – 21.0.5 (bez)22.0.0 – 22.2.0 (bez)
🔵
ZWERYFIKUJ U PRODUCENTA
Brak jednoznacznych danych o patchu. Sprawdź referencje od producenta.
CWE
Referencje

Powiązane podatności

CVE-2023-26482CRITICAL9.0ten sam produkt

Nextcloud server is an open source home cloud implementation. In affected versions a missing scope validation ...

CVE-2021-32802CRITICAL9.3ten sam produkt

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews fo...

CVE-2021-22915CRITICAL9.8ten sam produkt

Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion...

CVE-2026-45281HIGH8.1ten sam produkt

Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 32.0.0 to before...

CVE-2024-37313HIGH7.3ten sam produkt

Nextcloud server is a self hosted personal cloud system. Under some circumstance it was possible to bypass the...