4.3
CVE-2023-45149
- EPSS 0.18%
- Veröffentlicht 16.10.2023 20:15:15
- Zuletzt bearbeitet 21.11.2024 08:26:26
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginPassword of talk conversations can be bruteforced in Nextcloud
Password of talk conversations can be bruteforced
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without registering bruteforce attempts. It is recommended that the Nextcloud Talk app is upgraded to 15.0.8, 16.0.6 or 17.1.1. There are no known workarounds for this vulnerability.
Mögliche Gegenmaßnahme
Talk: * No workaround available
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Weitere Schwachstelleninformationen
SystemNextcloud App
≫
Produkt
Talk
Version
>= 15.0.0, < 15.0.8
Version
>= 16.0.0, < 16.0.6
Version
>= 17.0.0, < 17.1.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.18% | 0.393 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
| security-advisories@github.com | 4.3 | 2.8 | 1.4 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N
|
CWE-307 Improper Restriction of Excessive Authentication Attempts
The product does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame.