Impact
There was a lack of ratelimiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.
Patches
It is recommended that the Nextcloud Richdocuments app is upgraded to TODO.
Workarounds
Disable the Richdocuments application.
References
For more information
If you have any questions or comments about this advisory:
Impact
There was a lack of ratelimiting on the Richdocuments OCS endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.
Patches
It is recommended that the Nextcloud Richdocuments app is upgraded to TODO.
Workarounds
Disable the Richdocuments application.
References
For more information
If you have any questions or comments about this advisory: