CVE-2023-45148

CWE-307 | 2 documents | 2 sources
Severity: 4.3 MEDIUM
EPSS: 0.2% (top 60.71%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Oct 16

Description

Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed`, the rate limiting in Nextcloud Server could be reset unexpectedly, resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
Exploitability: 2.8 | Impact: 1.4

Affected Packages (2 packages)

NVD | nextcloud/nextcloud_server | 22.0.0 | 22.2.10.16 | +5
CVEListV5 | nextcloud/security-advisories | >= 25.0.0, < 25.0.11, >= 26.0.0, < 26.0.6, >= 27.0.0, < 27.1.0 | +2

Patches

Vulnerability Details (1)

CVEList | Rate limiter not working reliable when Memcached is installed in Nextcloud | 2023-10-16