How severe is CVE-2023-25820?

This vulnerability has a severity rating of HIGH with a CVSS score of 7.8 out of 10.

What type of vulnerability is CVE-2023-25820?

This is classified as CWE-307, which is a common weakness in software security.

CVE-2023-25820 - HIGH Severity | CVSS 7.8

Vulnerability Description

Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud Enterprise Server versions 25.0.x prior to 25.0.4, 24.0.x prior to 24.0.10, 23.0.x prior to 23.0.12.5, 22.x prior to 22.2.0.10, and 21.x prior to 21.0.9.10, when an attacker gets access to an already logged in user session they can then brute force the password on the confirmation endpoint. Nextcloud Server should upgraded to 24.0.10 or 25.0.4 and Nextcloud Enterprise Server should upgraded to 21.0.9.10, 22.2.10.10, 23.0.12.5, 24.0.10, or 25.0.4 to receive a patch. No known workarounds are available.

Related Vulnerabilities

CVE-2022-2650

HIGH

CVSS:7.8(High)

Improper Restriction of Excessive Authentication Attempts in GitHub repository wger-project/wger prior to 2.2.

CWE-3072022

CVE-2023-0860

HIGH

CVSS:7.8(High)

Improper Restriction of Excessive Authentication Attempts in GitHub repository modoboa/modoboa-installer prior to 2.0.4.

CWE-3072023

CVE-2023-1665

HIGH

CVSS:7.8(High)

Improper Restriction of Excessive Authentication Attempts in GitHub repository linagora/twake prior to 0.0.0.

CWE-3072023

CVE-2024-42176

HIGH

CVSS:8.0(High)

HCL MyXalytics is affected by concurrent login vulnerability. A concurrent login vulnerability occurs when simultaneous active sessions are allowed for a single credential allowing an attacker to pote...

CWE-3072024

CVE-1999-1152

HIGH

CVSS:7.5(High)

Compaq/Microcom 6000 Access Integrator does not disconnect a client after a certain number of failed login attempts, which allows remote attackers to guess usernames or passwords via a brute force att...

CWE-3071999

CVE-2002-0628

HIGH

CVSS:7.5(High)

The Telnet service for Polycom ViewStation before 7.2.4 does not restrict the number of failed login attempts, which makes it easier for remote attackers to guess usernames and passwords via a brute f...

CWE-3072002