Home > Vulnerability Database > CVE-2023-25161

Mend.io Vulnerability Database

CVE-2023-25161

Good to know:

Date: February 13, 2023

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available.

Language: PHP

Severity Score

5.3

Related Resources (5)

Url: https://hackerone.com/reports/1691195

Url: https://github.com/nextcloud/server/pull/34632

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-492h-596q-xr2f

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-25161

Url: https://www.mend.io/vulnerability-database/CVE-2023-25161

Severity Score

5.3

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Top Fix

Upgrade Version

Upgrade to version v23.0.12,v24.0.8,v25.0.1

Learn More

CVSS v3.1

Base Score:	5.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-25161

Good to know:

Date: February 13, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?