Impact
Ratelimits are not applied to OCS API responses. This affects any OCS API controller (OCSController) using the @BruteForceProtection annotation.
Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users.
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory:
Impact
Ratelimits are not applied to OCS API responses. This affects any OCS API controller (
OCSController) using the@BruteForceProtectionannotation.Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users.
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory: