CVE-2023-25816Uncontrolled Resource Consumption in Server

CWE-400Uncontrolled Resource Consumption2 documents2 sources
Severity
6.5MEDIUMNVD
CNA4.3
EPSS
0.7%
top 29.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Nextcloud ServerNextcloud Security-advisories
Timeline
Latest updateFeb 24
PublishedFeb 25

Description

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

NVDnextcloud/nextcloud_server25.0.025.0.3
CVEListV5nextcloud/security-advisories>= 25.0.0, < 25.0.3

Patches

Patch: github.comPatch: github.com

🔴Vulnerability Details

1
CVEList
nextcloud vulnerable to Uncontrolled Resource Consumption2023-02-24
CVE-2023-25816 — Uncontrolled Resource Consumption | cvebase