Home > Vulnerability Database > CVE-2023-28847

Mend.io Vulnerability Database

CVE-2023-28847

Good to know:

Date: April 25, 2023

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. In Nextcloud Server 24.0.0 prior to 24.0.11 and 25.0.0 prior to 25.0.5; as well as Nextcloud Server Enterprise 23.0.0 prior to 23.0.12.6, 24.0.0 prior to 24.0.11, and 25.0.0 prior to 25.0.5; an attacker is not restricted in verifying passwords of share links so they can just start brute forcing the password. Nextcloud Server 24.0.11 and 25.0.5 and Nextcloud Enterprise Server 23.0.12.6, 24.0.11, and 25.0.5 contain a fix for this issue. No known workarounds are available.

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://github.com/nextcloud/server/pull/35057

Url: https://hackerone.com/reports/1894653

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-28847

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-r5wf-xj97-3w7w

Url: https://www.mend.io/vulnerability-database/CVE-2023-28847

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Top Fix

Upgrade Version

Upgrade to version v24.0.11,v25.0.5

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-28847

Good to know:

Date: April 25, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?