Description

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.

Related CPE's

a

nextcloud

nextcloud_server

*

*

*

*

enterprise

Vulnerable

References

https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j

Vendor Advisory

https://github.com/nextcloud/server/pull/36016

Issue TrackingPatch

Weaknesses

[email protected]

Primary
NVD-CWE-noinfo

[email protected]

Secondary
CWE-400

CVSS impact metrics

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

7.5 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2023-03-30T19:15:06.687

2 years ago

Last modified

2023-11-07T04:10:46.733

1 year ago