CVE-2023-32319
Last modified
CVE-2023-32319 is a medium-severity vulnerability rated 6.5/10 on the CVSS scale. Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. EPSS estimates a 0.70% chance of exploitation in the next 30 days.
Description
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.
Metrics
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nextcloud | Nextcloud Server | >= 24.0.0, < 24.0.11 |
| Nextcloud | Nextcloud Server | >= 25.0.0, < 25.0.5 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2023-32319?
How severe is CVE-2023-32319?
How do I fix CVE-2023-32319?
Are you affected by CVE-2023-32319?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST