Nextcloud is an open source home cloud server. When Memcached is used as `memcache.distributed` the rate limiting in Nextcloud Server could be reset unexpectedly resetting the rate count earlier than intended. Users are advised to upgrade to versions 25.0.11, 26.0.6 or 27.1.0. Users unable to upgrade should change their config setting `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.
References
Link | Resource |
---|---|
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-xmhp-7vr4-hp63 | Vendor Advisory |
https://github.com/nextcloud/server/pull/40293 | Issue Tracking Patch |
https://hackerone.com/reports/2110945 | Permissions Required |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2023-10-16T18:51:56.827Z
Updated: 2023-10-16T18:51:56.827Z
Reserved: 2023-10-04T16:02:46.330Z
Link: CVE-2023-45148
JSON object: View
NVD Information
Status : Analyzed
Published: 2023-10-16T19:15:10.860
Modified: 2023-10-20T12:19:02.097
Link: CVE-2023-45148
JSON object: View
Redhat Information
No data.
CWE