Lucene search
PRIOn knowledge basePRION:CVE-2021-22915HistoryJun 11, 2021 - 4:15 p.m.
Design/Logic Flaw
2021-06-1116:15:00
PRIOn knowledge base
www.prio-n.com
4
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fedora | eq | 33 | |
| fedora | eq | 34 | |
| nextcloud_server | lt | 19.0.11 | |
| nextcloud_server | ge | 20.0.0 | |
| nextcloud_server | lt | 20.0.10 | |
| nextcloud_server | ge | 21.0.0 | |
| nextcloud_server | lt | 21.0.2 |
Related
nextcloud
nextcloud
Ratelimiting can be bypassed using IPv6 subnets
2021-06-01 18:02:20
osv
osv
CVE-2021-22915
2021-06-11 16:15:11
cvelist
cvelist
CVE-2021-22915
2021-06-11 15:49:38
openvas
openvas
Fedora: Security Advisory for nextcloud (FEDORA-2021-afa7968aeb)
2021-07-11 00:00:00
Nextcloud Server Brute-Force Protection Vulnerability (NC-SA-2021-009)
2021-06-15 00:00:00
Fedora: Security Advisory for nextcloud (FEDORA-2021-eac0e52f88)
2021-07-11 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: nextcloud-19.0.12-1.fc33
2021-07-09 00:46:25
[SECURITY] Fedora 34 Update: nextcloud-20.0.10-1.fc34
2021-07-09 01:03:33
cve
cve
CVE-2021-22915
2021-06-11 16:15:11
nvd
nvd
CVE-2021-22915
2021-06-11 16:15:11
hackerone
hackerone
Nextcloud: Ratelimiting can be bypassed using IPv6 subnets
2021-04-07 01:26:34