Skip to content

Reference fetch can saturate the server bandwidth for 10 seconds

Moderate
nickvergessen published GHSA-9wmj-gp8v-477j Mar 30, 2023

Package

Server (Nextcloud)

Affected versions

>= 25.0.0

Patched versions

25.0.3

Description

Impact

Impacts server performances and/or can lead to a denial of service.

Patches

It is recommended that the Nextcloud Server is upgraded to 25.0.3.

Workarounds

No workaround available

References

For more information

If you have any questions or comments about this advisory:

Severity

Moderate
5.7
/ 10

CVSS base metrics

Attack vector
Network
Attack complexity
Low
Privileges required
Low
User interaction
Required
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:N/A:H

CVE ID

CVE-2023-28644

Weaknesses