NextCloud Server and NextCloud Enterprise Server provide file storage for Nextcloud, a self-hosted productivity platform. In NextCloud Server versions 25.0.0 until 25.0.7 and 26.0.0 until 26.0.2 and Nextcloud Enterprise Server versions 21.0.0 until 21.0.9.12, 22.0.0 until 22.2.10.12, 23.0.0 until 23.0.12.7, 24.0.0 until 24.0.12.2, 25.0.0 until 25.0.7, and 26.0.0 until 26.0.2, an attacker can bruteforce the password reset links. Nextcloud Server n 25.0.7 and 26.0.2 and Nextcloud Enterprise Server 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7, and 26.0.2 contain a patch for this issue. No known workarounds are available.
Metrics
Affected Vendors & Products
References
History
Thu, 05 Dec 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
MITRE
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-06-23T20:49:56.795Z
Updated: 2024-12-05T16:16:35.458Z
Reserved: 2023-06-14T14:17:52.180Z
Link: CVE-2023-35172
Vulnrichment
Updated: 2024-08-02T16:23:59.430Z
NVD
Status : Modified
Published: 2023-06-23T21:15:09.777
Modified: 2024-11-21T08:08:05.320
Link: CVE-2023-35172
Redhat
No data.