Vulnerability in Nextcloud Security-advisories
CVE-2023-45149
Nextcloud talk is a chat module for the Nextcloud server platform. In affected versions brute force protection of public talk conversation passwords can be bypassed, as there was an endpoint validating the conversation password without reg…
EPSS: 0.005 (37.9th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 4.3 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N.
Affected products
- Nextcloud Security-advisories — versions >= 15.0.0, < 15.0.8, >= 16.0.0, < 16.0.6, >= 17.0.0, < 17.1.1
- Nextcloud Talk
Weakness classification (CWE)
References
- security-advisories@github.com (x_refsource_CONFIRM, Vendor Advisory)
- security-advisories@github.com (Patch, x_refsource_MISC, Issue Tracking)
- security-advisories@github.com (Permissions Required, x_refsource_MISC)
Frequently asked questions
- What is CVE-2023-45149?
- CVE-2023-45149 is a medium-severity vulnerability in Nextcloud Security-advisories, classified under Improper Restriction of Excessive Authentication Attempts. CVSS score: 4.3/10. Published 2023-10-16.
- How severe is CVE-2023-45149?
- Medium severity. CVSS v3 base score is 4.3 out of 10.