CVE-2023-39960

CWE-307
2 documents
2 sources
Severity
7.5 HIGH
EPSS
0.2%
top 52.97%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published Oct 13

Description

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.0.9 and 26.0.4, as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4, missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N
Exploitability: 3.1 | Impact: 1.4

Affected Packages
2 packages

NVD | nextcloud/nextcloud_server | 22.0.0 | 22.2.10.14 | +4
CVEListV5 | nextcloud/security-advisories | 5 versions | +4

Patches

Vulnerability Details

1
CVEList
Nextcloud Server has improper restriction of excessive authentication attempts on WebDAV endpoint
2023-10-13