Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection. References: https://nextcloud.com/security/advisory/?id=NC-SA-2021-009 https://hackerone.com/reports/1154003
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 1977202]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.