Impact
An attacker was able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account.
Patches
It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0
Workarounds
There is no known workaround.
References
For more information
If you have any questions or comments about this advisory:
Impact
An attacker was able to bypass Two Factor Authentication in Nextcloud. Thus knowledge of a password, or access to a WebAuthN trusted device of a user was sufficient to gain access to an account.
Patches
It is recommended that the Nextcloud Server is upgraded to 20.0.12, 21.0.4 or 22.1.0
Workarounds
There is no known workaround.
References
For more information
If you have any questions or comments about this advisory: