Lucene search
HackeroneCVELIST:CVE-2021-22915HistoryJun 11, 2021 - 3:49 p.m.
CVE-2021-22915
2021-06-1115:49:38
CWE-307
hackerone
www.cve.org
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.
CNA Affected
[
{
"product": "Nextcloud Server",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Fixed in 19.0.11, 20.0.10, 21.0.2"
}
]
}
]References
hackerone.com/reports/1154003
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/AGXGR6HYGQ6MZXISMJEHCOXRGRFRUFMA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L6BO6P6MP2MOWA6PZRXX32PLWPXN5O4S/
nextcloud.com/security/advisory/?id=NC-SA-2021-009
Related
nextcloud
nextcloud
Ratelimiting can be bypassed using IPv6 subnets
2021-06-01 18:02:20
osv
osv
CVE-2021-22915
2021-06-11 16:15:11
openvas
openvas
Fedora: Security Advisory for nextcloud (FEDORA-2021-afa7968aeb)
2021-07-11 00:00:00
Nextcloud Server Brute-Force Protection Vulnerability (NC-SA-2021-009)
2021-06-15 00:00:00
Fedora: Security Advisory for nextcloud (FEDORA-2021-eac0e52f88)
2021-07-11 00:00:00
nvd
nvd
CVE-2021-22915
2021-06-11 16:15:11
fedora
fedora
[SECURITY] Fedora 33 Update: nextcloud-19.0.12-1.fc33
2021-07-09 00:46:25
[SECURITY] Fedora 34 Update: nextcloud-20.0.10-1.fc34
2021-07-09 01:03:33
cve
cve
CVE-2021-22915
2021-06-11 16:15:11
prion
prion
Design/Logic Flaw
2021-06-11 16:15:00
hackerone
hackerone
Nextcloud: Ratelimiting can be bypassed using IPv6 subnets
2021-04-07 01:26:34