Lucene search
RtodH1:1192159HistoryMay 11, 2021 - 2:23 p.m.
Nextcloud: public webdav endpoint not bruteforce protected
2021-05-1114:23:29
rtod
hackerone.com
$100
27
0.002 Low
EPSS
Percentile
52.4%
Again related to https://hackerone.com/reports/1173684
I am having some trouble finding the code.
However if you do
curl -u "RANDOM1:RANDOM2" -X PROPFIND https://server/public.php/webdav
And then check your oc_bruteforce_attempts table. You’ll see there is no entry registered.
Impact
Low just like on the other report. But should be fixed non the less.
Related
cvelist
cvelist
CVE-2021-32705 Lack of ratelimit on public DAV endpoint
2021-07-12 15:30:14
nvd
nvd
CVE-2021-32705
2021-07-12 16:15:09
cve
cve
CVE-2021-32705
2021-07-12 16:15:09
nextcloud
nextcloud
Lack of ratelimit on public DAV endpoint
2021-07-12 09:19:29
prion
prion
Command injection
2021-07-12 16:15:00
osv
osv
CVE-2021-32705
2021-07-12 16:15:09
openvas
openvas
Fedora: Security Advisory for nextcloud (FEDORA-2021-6f327296fe)
2021-07-27 00:00:00
Fedora: Security Advisory for nextcloud (FEDORA-2021-9b421b78af)
2021-07-27 00:00:00
Nextcloud Server Multiple Vulnerabilities (Jul 2021)
2021-07-16 00:00:00
fedora
fedora
[SECURITY] Fedora 34 Update: nextcloud-20.0.11-1.fc34
2021-07-22 01:14:58
[SECURITY] Fedora 33 Update: nextcloud-19.0.13-1.fc33
2021-07-22 01:16:10
suse
suse
Security update for nextcloud (important)
2021-07-21 00:00:00
archlinux
archlinux
[ASA-202107-22] nextcloud: multiple issues
2021-07-14 00:00:00
nessus
nessus
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1068-1)
2021-07-21 00:00:00
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00