CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
33.8%
The OAuth2 token vulnerability of the cloud-based software for creating and utilizing Nextcloud storage
Nextcloud data storage software is related to the storage of OAuth2 tokens in plaintext. Exploitation of the vulnerability could
allow an attacker acting remotely to gain access to the server and escalate their privileges
Vulnerability in the Memcached component of the cloud software for creating and using the
Nextcloud datastore is related to the use of Memcached as memcache.distributed, the limitation of the
speed limit on the server could be unexpectedly reset, causing the speed counter to reset earlier than
intended. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of
denial of service