Home > Vulnerability Database > CVE-2023-39960

Mend.io Vulnerability Database

CVE-2023-39960

Good to know:

Date: October 13, 2023

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. In Nextcloud Server starting with 25.0.0 and prior to 25.09 and 26.04; as well as Nextcloud Enterprise Server starting with 22.0.0 and prior to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4; missing protection allows an attacker to brute force passwords on the WebDAV API. Nextcloud Server 25.0.9 and 26.0.4 and Nextcloud Enterprise Server 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, and 26.0.4 contain patches for this issue. No known workarounds are available.

Language: PHP

Severity Score

7.5

Related Resources (5)

Url: https://hackerone.com/reports/1924212

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2hrc-5fgp-c9c9

Url: https://github.com/nextcloud/server/pull/38046

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-39960

Url: https://www.mend.io/vulnerability-database/CVE-2023-39960

Severity Score

7.5

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Top Fix

Upgrade Version

Upgrade to version v25.0.9,v26.0.4

Learn More

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	NONE
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2023-39960

Good to know:

Date: October 13, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?