ALT-PU-2023-1116-1
Closed vulnerabilities
BDU:2023-02153
Vulnerability in Nextcloud, cloud software for creating and using data storage, that allows an attacker to cause a denial of service
BDU:2023-02260
Vulnerability in Nextcloud, cloud software for creating and using data storage, that allows an attacker to cause a denial of service
BDU:2023-02261
Vulnerability in Nextcloud, cloud software for creating and using data storage, that allows an attacker to cause a denial of service
Modified: 2024-11-21
CVE-2023-25816
Nextcloud is an Open Source private cloud software. Versions 25.0.0 and above, prior to 25.0.3, are subject to Uncontrolled Resource Consumption. A user can configure a very long password, consuming more resources on password validation than desired. This issue is patched in 25.0.3. No workaround is available.
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-53q2-cm29-7j83
- https://github.com/nextcloud/server/pull/35965
- https://hackerone.com/reports/1820864
Modified: 2024-11-21
CVE-2023-28643
Nextcloud server is an open source home cloud implementation. In affected versions when a recipient receives 2 shares with the same name, while a memory cache is configured, the second share will replace the first one instead of being renamed to `{name} (2)`. It is recommended that the Nextcloud Server is upgraded to 25.0.3 or 24.0.9. Users unable to upgrade should avoid sharing 2 folders with the same name to the same user.
- https://github.com/nextcloud/security-advisories/security/advisories/GHSA-hhq4-4pr8-wm27
- https://github.com/nextcloud/server/issues/34015
- https://github.com/nextcloud/server/pull/36047
Modified: 2024-11-21
CVE-2023-28644
Nextcloud server is an open source home cloud implementation. In releases of the 25.0.x branch before 25.0.3, an inefficient fetch operation may impact server performance and/or lead to a denial of service. This issue has been addressed, and it is recommended that the Nextcloud Server is upgraded to 25.0.3. There are no known workarounds for this vulnerability.