Lack of ratelimit on public DAV endpoint

Impact

There was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials.

Patches

It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3

Workarounds

None.

References

For more information

If you have any questions or comments about this advisory:

Create a post in nextcloud/security-advisories
Customers: Open a support ticket at support.nextcloud.com

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Lack of ratelimit on public DAV endpoint

Package

Affected versions

Patched versions

Description

Impact

Patches

Workarounds

References

For more information

Severity

CVE ID

Weaknesses

Credits