Back to search
CVE-2021-22915
Published: Jun 11, 2021
Modified: Aug 3, 2024
PUBLISHED
Description
Nextcloud server before 19.0.11, 20.0.10, 21.0.2 is vulnerable to brute force attacks due to lack of inclusion of IPv6 subnets in rate-limiting considerations. This could potentially result in an attacker bypassing rate-limit controls such as the Nextcloud brute-force protection.
| Vendor | Product | Versions |
|---|---|---|
n/a | Nextcloud Server | affected Fixed in 19.0.11, 20.0.10, 21.0.2 |
Weaknesses (CWE)
References
https://hackerone.com/reports/1154003
x_refsource_MISC
https://nextcloud.com/security/advisory/?id=NC-SA-2021-009
x_refsource_MISC
FEDORA-2021-eac0e52f88
vendor-advisory
x_refsource_FEDORA
FEDORA-2021-afa7968aeb
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now