Missing rate limiting on password reset functionality allows sending lots of emails
Package: Server (Nextcloud)
Affected versions: < 25.0.1, < 24.0.8, < 23.0.12
Patched versions: 25.0.1, 24.0.8, 23.0.12

Package: Server (Enterprise) (Nextcloud)
Affected versions: < 25.0.1, < 24.0.8, < 23.0.12
Patched versions: 25.0.1, 24.0.8, 23.0.12
Impact
Service slowdown, storage overflow, cost impact when using external email services
Patches
It is recommended that the Nextcloud Server is upgraded to 25.0.1, 24.0.8 or 23.0.12.
It is recommended that the Nextcloud Enterprise Server is upgraded to 25.0.1, 24.0.8 or 23.0.12.
Workarounds
No workaround available
References
For more information
If you have any questions or comments about this advisory: