GitHub_MCVELIST:CVE-2023-28644CVE-2023-28644 Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.0%
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.
CNA Affected
[
{
"vendor": "nextcloud",
"product": "security-advisories",
"versions": [
{
"version": ">= 25.0.0, < 25.0.3",
"status": "affected"
}
]
}
]Related
5.7 Medium
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
0.001 Low
EPSS
Percentile
32.0%