Home > Vulnerability Database > CVE-2023-32320

Mend.io Vulnerability Database

CVE-2023-32320

Good to know:

Date: June 22, 2023

Nextcloud Server is a data storage system for Nextcloud, a self-hosted productivity platform. When multiple requests are sent in parallel, all of them were executed even if the amount of faulty requests succeeded the limit by the time the response was sent to the client. This allowed someone to send as many requests the server could handle in parallel to bruteforce protected details instead of the configured limit, default 8. Nextcloud Server versions 25.0.7 and 26.0.2 and Nextcloud Enterprise Server versions 21.0.9.12, 22.2.10.12, 23.0.12.7, 24.0.12.2, 25.0.7 and 26.0.2 contain patches for this issue.

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-32320

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-qphh-6xh7-vffg

Url: https://hackerone.com/reports/1918525

Url: https://github.com/nextcloud/server/pull/38274

Url: https://www.mend.io/vulnerability-database/CVE-2023-32320

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Top Fix

Upgrade Version

Upgrade to version v25.0.7,v26.0.2

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-32320

Good to know:

Date: June 22, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?