3 matches found
SUSE CVE-2023-32319
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...
CVE-2023-32319
Nextcloud Server vulnerability CVE-2023-32319: Missing brute-force protection on WebDAV endpoints via basic auth allows credential brute-forcing when usernames are not emails (affects 24.0.0+; fixed in 24.0.11, 25.0.5, 26.0.0). Users should upgrade to these releases; no workarounds are documented.
CVE-2023-32319 Basic auth header on WebDAV requests is not brute-force protected in Nextcloud
Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issu...