You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Lack of ratelimit on public share link mount endpoint
Low
LukasReschke
published
GHSA-crvj-vmf7-xrvrJul 12, 2021
Package
Nextcloud Server
Affected versions
< 19.0.13, < 20.0.11, < 21.0.3
Patched versions
19.0.13, 20.0.11, 21.0.3
Description
Impact
There was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Impact
There was a lack of ratelimiting on the public share link mount endpoint. This may have allowed an attacker to enumerate potentially valid share tokens.
Patches
It is recommended that the Nextcloud Server is upgraded to 19.0.13, 20.0.11 or 21.0.3
Workarounds
None.
References
For more information
If you have any questions or comments about this advisory: