Lucene search
GoogleOSV:CVE-2021-41177HistoryOct 25, 2021 - 10:15 p.m.
CVE-2021-41177
2021-10-2522:15:07
Google
osv.dev
8
nextcloud
rate-limiting
memory cache
Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as AnonRateThrottle or UserRateThrottle) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in config.php.
Related
cvelist
cvelist
prion
prion
Memory corruption
2021-10-25 22:15:00
nextcloud
nextcloud
Rate-limits not working on instances without configured memory cache backend
2021-10-25 11:48:41
cnvd
cnvd
Nextcloud has an unspecified vulnerability (CNVD-2022-18417)
2021-10-28 00:00:00
cve
cve
CVE-2021-41177
2021-10-25 22:15:07
nvd
nvd
CVE-2021-41177
2021-10-25 22:15:07
redhatcve
redhatcve
CVE-2021-41177
2022-05-20 23:42:32
openvas
openvas
Nextcloud Server Multiple Vulnerabilities (Oct 2021)
2021-10-27 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2021:1602-1)
2022-02-08 00:00:00
suse
suse
Security update for nextcloud (important)
2021-12-20 00:00:00
nessus
nessus
openSUSE 15 Security Update : nextcloud (openSUSE-SU-2021:1602-1)
2021-12-21 00:00:00
GLSA-202208-17 : Nextcloud: Multiple Vulnerabilities
2022-08-16 00:00:00
gentoo
gentoo
Nextcloud: Multiple Vulnerabilities
2022-08-10 00:00:00