Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
redosRedosROS-20231024-03
HistoryOct 24, 2023 - 12:00 a.m.

ROS-20231024-03

2023-10-2400:00:00
redos.red-soft.ru
11
oauth2 token
nextcloud storage
vulnerability
memcached
denial of service
remote exploitation
privilege escalation
speed limit reset

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON

The OAuth2 token vulnerability of the cloud-based software for creating and utilizing Nextcloud storage
Nextcloud data storage software is related to the storage of OAuth2 tokens in plaintext. Exploitation of the vulnerability could
allow an attacker acting remotely to gain access to the server and escalate their privileges

Vulnerability in the Memcached component of the cloud software for creating and using the
Nextcloud datastore is related to the use of Memcached as memcache.distributed, the limitation of the
speed limit on the server could be unexpectedly reset, causing the speed counter to reset earlier than
intended. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64nextcloud< 25.0.5-5UNKNOWN

Related

cvelist 2
hackerone 2
nvd 2
nextcloud 2
vulnrichment 2
cve 2
prion 2
osv 2
openvas 2
cvelist
cvelist
CVE-2023-45148 Rate limiter not working reliable when Memcached is installed in Nextcloud
2023-10-16 18:51:56
CVE-2023-45151 OAuth2 client_secret stored in plain text in the Nextcloud database
2023-10-16 18:41:28
hackerone
hackerone
Nextcloud: Memcached used as RateLimiter backend is no-op
2023-08-15 16:38:47
Nextcloud: OAuth2 client_secret stored in plain text in the database
2023-05-19 11:22:17
nvd
nvd
CVE-2023-45148
2023-10-16 19:15:10
CVE-2023-45151
2023-10-16 19:15:10
nextcloud
nextcloud
OAuth2 client_secret stored in plain text in the database
2023-10-16 07:22:17
Rate limiter not working reliable when Memcached is installed
2023-10-16 07:19:38
vulnrichment
vulnrichment
CVE-2023-45148 Rate limiter not working reliable when Memcached is installed in Nextcloud
2023-10-16 18:51:56
CVE-2023-45151 OAuth2 client_secret stored in plain text in the Nextcloud database
2023-10-16 18:41:28
cve
cve
CVE-2023-45148
2023-10-16 19:15:10
CVE-2023-45151
2023-10-16 19:15:10
prion
prion
Code injection
2023-10-16 19:15:00
Design/Logic Flaw
2023-10-16 19:15:00
osv
osv
CVE-2023-45148
2023-10-16 19:15:10
CVE-2023-45151
2023-10-16 19:15:10
openvas
openvas
Nextcloud Server < 22.2.10.16, 23.x < 23.0.12.11, 24.x < 24.0.12.7, 25.x < 25.0.11, 26.x < 26.0.6, 27.x < 27.1.0 Improper Access Control Vulnerability (GHSA-xmhp-7vr4-hp63)
2023-10-17 00:00:00
Nextcloud Server 25.x < 25.0.8, 26.x < 26.0.3, 27.x < 27.0.1 Improper Access Control Vulnerability (GHSA-hhgv-jcg9-p4m9)
2023-10-17 00:00:00

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

AI Score

7.5

Confidence

High

EPSS

0.001

Percentile

33.8%

JSON
Related for ROS-20231024-03
cvelist2hackerone2nvd2nextcloud2vulnrichment2cve2prion2osv2openvas2