Home > Vulnerability Database > CVE-2023-45148

Mend.io Vulnerability Database

CVE-2023-45148

Good to know:

Date: October 16, 2023

Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.

Language: PHP

Severity Score

4.3

Related Resources (5)

Url: https://nvd.nist.gov/vuln/detail/CVE-2023-45148

Url: https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63

Url: https://github.com/nextcloud/server/pull/40293

Url: https://hackerone.com/reports/2110945

Url: https://www.mend.io/vulnerability-database/CVE-2023-45148

Severity Score

4.3

Weakness Type (CWE)

Improper Restriction of Excessive Authentication Attempts

CWE-307

Top Fix

Upgrade Version

Upgrade to version v25.0.11,v26.0.6,v27.1.0

Learn More

CVSS v3.1

Base Score:	4.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2023-45148

Good to know:

Date: October 16, 2023

Language: PHP

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?