There was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
None.
If you have any questions or comments about this advisory:
Impact
There was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory: