CVE-2023-25816

2023-02-2500:15:11

CWE-400

[email protected]

web.nvd.nist.gov

nextcloud

open source

uncontrolled resource consumption

vulnerable

CVSS3

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

AI Score

5.3

Confidence

High

EPSS

0.001

Percentile

48.2%

JSON

Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.

Affected configurations

Nvd

Node

nextcloudnextcloud_serverRange25.0.0–25.0.3

nextcloudnextcloud_serverRange25.0.0–25.0.3enterprise

VendorProductVersionCPE
nextcloudnextcloud_server*cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*
nextcloudnextcloud_server*cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
nextcloud	nextcloud_server	*	cpe:2.3:a:nextcloud:nextcloud_server::::::::
nextcloud	nextcloud_server	*	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*