← back
CVE-2023-28644

Reference fetch can saturate the server bandwidth for 10 seconds in nextcloud server

CVSS 5.7 MEDIUMEPSS 0.6%CWE-400
Vexday Risk Score
13Low
SSVC decision (CISA)
Track
No exploitation signal → monitor
CVSS 5.7EPSS 0.6%KEV nãoPoC Nuclei Metasploit Patch
Lifecycle
30 Mar 2023Published on NVD
Recommendation: Monitor — no exploitation signal at the moment.
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
Affected products
nextcloud · security-advisories

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477jhttps://github.com/nextcloud/server/pull/36016