Lucene search

[email protected]NVD:CVE-2023-28644

HistoryMar 30, 2023 - 7:15 p.m.

CVE-2023-28644

2023-03-3019:15:06

CWE-400

[email protected]

web.nvd.nist.gov

nextcloud server

home cloud implementation

inefficient fetch operation

denial of service

vulnerability

upgrade

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

35.6%

JSON

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.

Affected configurations

Nvd

Node

nextcloudnextcloud_serverRange25.0.0–25.0.3enterprise

VendorProductVersionCPE
nextcloudnextcloud_server*cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:enterprise:*:*:*

Vendor	Product	Version	CPE
nextcloud	nextcloud_server	*	cpe:2.3:a:nextcloud:nextcloud_server:::::enterprise:::*

References

github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j

github.com/nextcloud/server/pull/36016

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

6.3

Confidence

High

EPSS

0.001

Percentile

35.6%

JSON

Related for NVD:CVE-2023-28644

openvas1 prion1 osv1 cve1 hackerone1 nextcloud1 cvelist1 redos1