What is CVE-2023-32319?

CVE-2023-32319 is a vulnerability in the Nextcloud server that allows for brute-force attacks on WebDAV endpoints via the basic auth header.

Which version of Nextcloud is affected by CVE-2023-32319?

Users from version 24.0.0 onward are affected by CVE-2023-32319.

What is the severity of CVE-2023-32319?

CVE-2023-32319 has a severity keyword of 'medium' and a severity value of 6.5.

How can I fix CVE-2023-32319?

To fix CVE-2023-32319, you should update your Nextcloud server to version 24.0.11 or 25.0.5.

Is there any additional information about CVE-2023-32319?

Yes, you can find additional information about CVE-2023-32319 in the Nextcloud security advisories and the GitHub pull request linked in the references.

Vulnerability/
CVE-2023-32319

high

8.1

CWE

307

26/5/2023

14/1/2025

CVE-2023-32319: Basic auth header on WebDAV requests is not brute-force protected in Nextcloud

First published: Fri May 26 2023(Updated: )

Nextcloud server is an open source personal cloud implementation. Missing brute-force protection on the WebDAV endpoints via the basic auth header allowed to brute-force user credentials when the provided user name was not an email address. Users from version 24.0.0 onward are affected. This issue has been addressed in releases 24.0.11, 25.0.5 and 26.0.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Nextcloud Nextcloud Server	>=25.0.0<25.0.5
Nextcloud Nextcloud Server	>=24.0.0<24.0.11

Remedy

https://github.com/nextcloud/server/pull/37227

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2023-32319?
CVE-2023-32319 is a vulnerability in the Nextcloud server that allows for brute-force attacks on WebDAV endpoints via the basic auth header.
Which version of Nextcloud is affected by CVE-2023-32319?
Users from version 24.0.0 onward are affected by CVE-2023-32319.
What is the severity of CVE-2023-32319?
CVE-2023-32319 has a severity keyword of 'medium' and a severity value of 6.5.
How can I fix CVE-2023-32319?
To fix CVE-2023-32319, you should update your Nextcloud server to version 24.0.11 or 25.0.5.
Is there any additional information about CVE-2023-32319?
Yes, you can find additional information about CVE-2023-32319 in the Nextcloud security advisories and the GitHub pull request linked in the references.

collector/nvd-latest
collector/nvd-index
agent/references
agent/type
agent/softwarecombine
collector/mitre-cve
source/MITRE
agent/remedy
agent/weakness
agent/title
agent/author
agent/last-modified-date
agent/tags
agent/severity
agent/description
agent/first-publish-date
agent/event
vendor/nextcloud
canonical/nextcloud nextcloud server
version/nextcloud nextcloud server/25.0.0
version/nextcloud nextcloud server/24.0.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.