Vulnerability in Nextcloud Security-advisories

CVE-2023-45149

Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without reg…

EPSS: 0.005 (37.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.

Affected products

Weakness classification (CWE)

References

Frequently asked questions

What is CVE-2023-45149?
CVE-2023-45149 is a medium-severity vulnerability in Nextcloud Security-advisories, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 4.3/10. Published 2023-10-16.
How severe is CVE-2023-45149?
Medium severity. CVSS v3 base score is 4.3 out of 10.