CVE-2021-41177

HIGH Year: 2021
CVSS v3 Score
8.1
High
CVSS v2 Score
5.5
Medium
Weakness Type
CWE-799
View all →

Vulnerability Description

Nextcloud is an open-source, self-hosted productivity platform. Prior to versions 20.0.13, 21.0.5, and 22.2.0, Nextcloud Server did not implement a database backend for rate-limiting purposes. Any component of Nextcloud using rate-limits (as as `AnonRateThrottle` or `UserRateThrottle`) was thus not rate limited on instances not having a memory cache backend configured. In the case of a default installation, this would notably include the rate-limits on the two factor codes. It is recommended that the Nextcloud Server be upgraded to 20.0.13, 21.0.5, or 22.2.0. As a workaround, enable a memory cache backend in `config.php`.

Related Vulnerabilities

CVE-2021-32705

HIGH
CVSS:7.5(High)

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed ...

CWE-7992021

CVE-2023-35621

HIGH
CVSS:7.5(High)

Microsoft Dynamics 365 Finance and Operations Denial of Service Vulnerability

CWE-7992023

CVE-2024-32943

HIGH
CVSS:7.5(High)

An attacker may be able to cause a denial-of-service condition by sending many SSH packets repeatedly.

CWE-7992024

CVE-2024-35246

HIGH
CVSS:7.5(High)

An attacker may be able to cause a denial-of-service condition by sending many packets repeatedly.

CWE-7992024

CVE-2024-45788

HIGH
CVSS:7.5(High)

This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by s...

CWE-7992024

CVE-2024-47654

HIGH
CVSS:7.5(High)

This vulnerability exists in Shilpi Client Dashboard due to lack of rate limiting and Captcha protection for OTP requests in certain API endpoint. An unauthenticated remote attacker could exploit this...

CWE-7992024