Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform. Nextcloud Server and Nextcloud Enterprise Server prior to versions 25.0.1 24.0.8, and 23.0.12 missing rate limiting on password reset functionality. This could result in service slowdown, storage overflow, or cost impact when using external email services. Users should upgrade to Nextcloud Server 25.0.1, 24.0.8, or 23.0.12 or Nextcloud Enterprise Server 25.0.1, 24.0.8, or 23.0.12 to receive a patch. No known workarounds are available. https://github.com/nextcloud/server/pull/34632 https://hackerone.com/reports/1691195 https://github.com/nextcloud/security-advisories/security/advisories/GHSA-492h-596q-xr2f
Created nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2179767] Created nextcloud:23/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2179769] Affects: fedora-all [bug 2179772] Created nextcloud:24/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2179770] Affects: fedora-all [bug 2179773] Created nextcloud:nextcloud-18/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2179774] Created nextcloud:nextcloud-19/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2179775] Created nextcloud:nextcloud-21/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2179776] Created nextcloud:nextcloud-22/nextcloud tracking bugs for this issue: Affects: epel-all [bug 2179771] Affects: fedora-all [bug 2179777] Created nextcloud:nextcloud-stable/nextcloud tracking bugs for this issue: Affects: fedora-all [bug 2179778]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.