CVE-2023-45148
published 2023-10-16

Priority: P4 20
CVSS 3.1: 4.3 (medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
EPSS: 0.70% (48.5th percentile)

Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed`, the rate limiting in Nextcloud Server could be reset unexpectedly, resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.

Affected

9 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| nextcloud | nextcloud_server | | |
| nextcloud | nextcloud_server | >= 22.0.0 < 22.2.10.16 | 22.2.10.16 |
| nextcloud | nextcloud_server | >= 23.0.0 < 23.0.12.11 | 23.0.12.11 |
| nextcloud | nextcloud_server | >= 24.0.0 < 24.0.12.7 | 24.0.12.7 |
| nextcloud | nextcloud_server | >= 25.0.0 < 25.0.11 | 25.0.11 |
| nextcloud | nextcloud_server | >= 26.0.0 < 26.0.6 | 26.0.6 |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |
| nextcloud | security-advisories | | |