Impact
An attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (a-zA-Z0-9 ^ 15).
Patches
It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2.
Workarounds
As a workaround federated sharing can be disabled in the Admin Sharing settings: index.php/settings/admin/sharing
References
For more information
If you have any questions or comments about this advisory:
Impact
An attacker could brute force to find if federated sharing is being used and potentially try to brute force access tokens for federated shares (
a-zA-Z0-9^ 15).Patches
It is recommended that the Nextcloud Server is upgraded to 22.2.9, 23.0.6 or 24.0.2.
Workarounds
As a workaround federated sharing can be disabled in the Admin Sharing settings:
index.php/settings/admin/sharingReferences
For more information
If you have any questions or comments about this advisory: