Home > Vulnerability Database > CVE-2023-25161

Mend.io Vulnerability Database

CVE-2023-25161

Date: February 13, 2023

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available.

Language: PHP

Severity Score

3.7

Related Resources (5)

Url: https://hackerone.com/reports/1691195

Url: https://github.com/nextcloud/server/pull/34632

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-492h-596q-xr2f

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25161

Url: https://www.mend.io/vulnerability-database/CVE-2023-25161

Severity Score

3.7

Weakness Type (CWE)

Improper Access Control

CWE-284

Insufficient Information

NVD-CWE-noinfo

CVSS v3.1

Base Score:	3.7
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25161

Date: February 13, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?