Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20230628-01
HistoryJun 28, 2023 - 12:00 a.m.

ROS-20230628-01

2023-06-2800:00:00
redos.red-soft.ru
6
nextcloud
server vulnerability
remote attacker
compromise
password reset
access
other user
credentials

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON

The Nextcloud server vulnerability is related to a lack of brute force protection at the password reset endpoint.
Exploitation of the vulnerability could allow an attacker acting remotely to compromise the password reset links.
password.

The Nextcloud server vulnerability is related to the fact that user-level external storage can be
be used to collect credentials of other users. Exploitation of the vulnerability could allow
an attacker acting remotely to gain access to another user’s credentials and take over that user’s account.
account.

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64nextcloud<= 25.0.5-2UNKNOWN

Related

openvas 1
prion 2
cvelist 2
osv 2
nextcloud 2
cve 2
nvd 2
hackerone 2
openvas
openvas
Nextcloud Server 25.x < 25.0.7, 26.x < 26.0.2 Multiple Vulnerabilities (GHSA-qphh-6xh7-vffg, GHSA-mjf5-p765-qmr6, GHSA-h7f7-535f-7q87, GHSA-637g-xp2c-qh5h)
2023-06-23 00:00:00
prion
prion
Code injection
2023-06-23 21:15:00
Code injection
2023-06-23 21:15:00
cvelist
cvelist
CVE-2023-35172 Nextcloud Server password reset endpoint is not brute force protected
2023-06-23 20:49:56
CVE-2023-35928 Nextcloud user scoped external storage can be used to gather credentials of other users
2023-06-23 20:58:33
osv
osv
CVE-2023-35172
2023-06-23 21:15:09
CVE-2023-35928
2023-06-23 21:15:10
nextcloud
nextcloud
Password reset endpoint is not brute force protected
2023-06-22 06:17:09
User scoped external storage can be used to gather credentials of other users
2023-06-22 13:24:37
cve
cve
CVE-2023-35928
2023-06-23 21:15:10
CVE-2023-35172
2023-06-23 21:15:09
nvd
nvd
CVE-2023-35172
2023-06-23 21:15:09
CVE-2023-35928
2023-06-23 21:15:10
hackerone
hackerone
Nextcloud: Password reset endpoint is not brute force protected
2023-05-13 19:17:02
Nextcloud: User scoped external storage can be used to gather credentials of other users
2023-05-09 09:31:04

9.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

0.002 Low

EPSS

Percentile

64.5%

JSON
Related for ROS-20230628-01
openvas1prion2cvelist2osv2nextcloud2cve2nvd2hackerone2