Nextcloud server is an open source personal cloud server. Affected versions of nextcloud server did not properly limit user display names which could allow a malicious users to overload the backing database and cause a denial of service. It is recommended that the Nextcloud Server is upgraded to 22.2.10, 23.0.7 or 24.0.3. There are no known workarounds for this issue. https://github.com/nextcloud/security-advisories/security/advisories/GHSA-6w9f-jgjx-4vj6 https://github.com/nextcloud/server/pull/33052 https://hackerone.com/reports/1588562
Created nextcloud tracking bugs for this issue: Affects: epel-all [bug 2148817] Affects: fedora-all [bug 2148816]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.