CVE-2023-28644

Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3 an inefficient fetch operation may impact server performances and/or can lead to a denial of service. This issue has been addressed and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
GitHub_MCNA
5.7 MEDIUM
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H
CVEADP
---
---
CISA-ADPADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 68%
VendorProductVersion
nextcloudnextcloud_server
25.0.0 ≤
𝑥
< 25.0.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j
https://github.com/nextcloud/server/pull/36016
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-9wmj-gp8v-477j
https://github.com/nextcloud/server/pull/36016