CVE-2023-45148
CVSS 3.1 Score 4.3 of 10 (medium)
Details
Summary
CVE-2023-45148 is a vulnerability affecting Nextcloud, the open source home cloud server. When Memcached is used as the `memcache.distributed` backend, rate limiting in the Nextcloud server can be reset unexpectedly. This allows a higher rate of requests than intended, potentially leading to denial-of-service (DoS) attacks. Users are advised to upgrade to Nextcloud versions 25.0.11, 26.0.6, or 27.1.0 to address the issue. As a mitigation, users unable to upgrade should set `memcache.distributed` to `\OC\Memcache\Redis` and install Redis instead of Memcached.
Affected Products
- Nextcloud Server
Affected Vendors
- Nextcloud GmbH
Advisories, Assessments, and Mitigations