CVE-2023-25816: nextcloud vulnerable to Uncontrolled Resource Consumption
First published: Fri Feb 24 2023(Updated: )
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3 No workaround is available.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Nextcloud Nextcloud Server | >=25.0.0<25.0.3 | |
| Nextcloud Nextcloud Server | >=25.0.0<25.0.3 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the vulnerability ID for this Nextcloud vulnerability?
The vulnerability ID for this Nextcloud vulnerability is CVE-2023-25816.
What is the severity of the CVE-2023-25816 vulnerability?
The severity of the CVE-2023-25816 vulnerability is medium with a CVSS score of 6.5.
Which versions of Nextcloud are affected by CVE-2023-25816?
Versions 25.0.0 and above, prior to 25.0.3, are affected by CVE-2023-25816.
What is the impact of the CVE-2023-25816 vulnerability?
The CVE-2023-25816 vulnerability allows a user to configure a very long password, consuming excessive resources on password validation.
How can the CVE-2023-25816 vulnerability be fixed?
The CVE-2023-25816 vulnerability is fixed in Nextcloud version 25.0.3. It is recommended to update to this version to mitigate the vulnerability.
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/weakness
- agent/last-modified-date
- agent/title
- agent/author
- agent/remedy
- agent/references
- agent/first-publish-date
- agent/tags
- agent/event
- agent/description
- vendor/nextcloud
- canonical/nextcloud nextcloud server
- version/nextcloud nextcloud server/25.0.0