EUVD-2023-36567

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Nextcloud Server allows excessive parallel requests, bypassing limits for brute force attacks.

Reporter	Title	Published	Views	Family All 52
BDU FSTEC	The vulnerability of cloud-based software for creating and using Nextcloud Server’s data storage solution lies in the lack of authentication attempt limits. This allows attackers to execute a brute-force attack.	25 Jan 202400:00	–	bdu_fstec
CNNVD	Nextcloud 安全漏洞	22 Jun 202300:00	–	cnnvd
CVE	CVE-2023-32320	22 Jun 202320:57	–	cve
Cvelist	CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended	22 Jun 202320:57	–	cvelist
Nextcloud	Brute force protection allows to send more requests than intended	22 Jun 202306:14	–	nextcloud
Hacker One	Nextcloud: Brute force protection allows to send more requests than intended	26 Mar 202319:35	–	hackerone
NVD	CVE-2023-32320	22 Jun 202321:15	–	nvd
OpenVAS	Nextcloud Server 25.x < 25.0.7, 26.x < 26.0.2 Multiple Vulnerabilities (GHSA-qphh-6xh7-vffg, GHSA-mjf5-p765-qmr6, GHSA-h7f7-535f-7q87, GHSA-637g-xp2c-qh5h)	23 Jun 202300:00	–	openvas
OpenVAS	Nextcloud Server 25.x < 25.0.7, 26.x < 26.0.2 Brute Force Protection Vulnerability (GHSA-qphh-6xh7-vffg)	23 Jun 202300:00	–	openvas
OSV	CVE-2023-32320 Nextcloud Server's brute force protection allows someone to send more requests than intended	22 Jun 202320:57	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "d966c32f-5b59-319f-ac64-4333b545cf21",
        "vendor": {
          "name": "nextcloud"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "3ce8f99f-77a3-3d25-a95e-80a93bea1eae",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Server  25.0.0, < 25.0.7"
      },
      {
        "id": "454072d6-584c-34f5-958f-589c2e2ab11c",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server   25.0.0, < 25.0.7"
      },
      {
        "id": "596935c0-3b4e-355e-a2b6-0242a2dc1c16",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server   26.0.0, < 26.0.2"
      },
      {
        "id": "6a767ae9-7bf1-3020-808b-ef5b84d75b12",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server   24.0.0, < 24.0.12.2"
      },
      {
        "id": "6b016fab-fe21-3c75-83ba-4730df7581f5",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server   21.0.0, < 21.0.9.12"
      },
      {
        "id": "739596da-cf8f-34ad-8e54-bdb35b00d1f1",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Server  26.0.0, < 26.0.2"
      },
      {
        "id": "da00f464-bb6c-38b8-94f0-c365fe462f09",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server   23.0.0, < 23.0.12.7"
      },
      {
        "id": "fe9f4686-8ddc-3413-bad8-b6722989a6bd",
        "product": {
          "name": "security-advisories"
        },
        "product_version": "Nextcloud Enterprise Server   22.0.0, < 22.2.10.12"
      }
    ]
  }
]

Source	Link
github	www.github.com/nextcloud/security-advisories/security/advisories/GHSA-qphh-6xh7-vffg
github	www.github.com/nextcloud/server/pull/38274
hackerone	www.hackerone.com/reports/1918525

03 Oct 2025 20:07Current

7.8High risk

Vulners AI Score7.8

CVSS 3.17.5 - 8.7

EPSS0.00518

SSVC