Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-48745

Summary
Assigner-Patchstack
Assigner Org ID-21595511-bba5-4825-b968-b78d1f9984a3
Published At-04 Jun, 2024 | 10:41
Updated At-02 Aug, 2024 | 21:37
Rejected At-
Credits

WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:Patchstack
Assigner Org ID:21595511-bba5-4825-b968-b78d1f9984a3
Published At:04 Jun, 2024 | 10:41
Updated At:02 Aug, 2024 | 21:37
Rejected At:
▼CVE Numbering Authority (CNA)
WordPress Captcha Code plugin <= 2.9 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9.

Affected Products
Vendor
WebFactory Ltd
Product
Captcha Code
Collection URL
https://wordpress.org/plugins
Package Name
captcha-code-authentication
Default Status
unaffected
Versions
Affected
  • From n/a through 2.9 (custom)
    • -> unaffectedfrom3.0
Problem Types
TypeCWE IDDescription
CWECWE-307CWE-307 Improper Restriction of Excessive Authentication Attempts
Type: CWE
CWE ID: CWE-307
Description: CWE-307 Improper Restriction of Excessive Authentication Attempts
Metrics
VersionBase scoreBase severityVector
3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-554CAPEC-554 Functionality Bypass
CAPEC ID: CAPEC-554
Description: CAPEC-554 Functionality Bypass
Solutions

Update to 3.0 or a higher version.

Configurations
Workarounds
Exploits
Credits
finder
qilin_99 (Patchstack Alliance)
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cve
vdb-entry
Hyperlink: https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cve
Resource:
vdb-entry
▼Authorized Data Publishers (ADP)
1. CISA ADP Vulnrichment
Affected Products
Vendor
webfactory
Product
captcha_code
CPEs
  • cpe:2.3:a:webfactory:captcha_code:*:*:*:*:*:*:*:*
Default Status
unknown
Versions
Affected
  • From 0 through 2.9 (custom)
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
2. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cve
vdb-entry
x_transferred
Hyperlink: https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cve
Resource:
vdb-entry
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:audit@patchstack.com
Published At:04 Jun, 2024 | 11:15
Updated At:04 Jun, 2024 | 16:57

Improper Restriction of Excessive Authentication Attempts vulnerability in WebFactory Ltd Captcha Code allows Functionality Bypass.This issue affects Captcha Code: from n/a through 2.9.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.15.3MEDIUM
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
Type: Secondary
Version: 3.1
Base score: 5.3
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
CPE Matches
Weaknesses
CWE IDTypeSource
CWE-307Primaryaudit@patchstack.com
CWE ID: CWE-307
Type: Primary
Source: audit@patchstack.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cveaudit@patchstack.com
N/A
Hyperlink: https://patchstack.com/database/vulnerability/captcha-code-authentication/wordpress-captcha-code-plugin-2-8-captcha-bypass-vulnerability?_s_id=cve
Source: audit@patchstack.com
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

19Records found
CVE-2024-12034
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.09% / 25.88%
||
7 Day CHG~0.00%
Published-24 Dec, 2024 | 05:23
Updated-24 Dec, 2024 | 16:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced Google reCAPTCHA <= 1.25 - Brute Force Protection IP Unblock

The Advanced Google reCAPTCHA plugin for WordPress is vulnerable to IP unblocking in all versions up to, and including, 1.25. This is due to the plugin not utilizing a strong unique key when generating an unblock request. This makes it possible for unauthenticated attackers to unblock their IP after being locked out due to too many bad password attempts

Action-Not Available
Vendor-webfactory
Product-Advanced Google reCAPTCHA
CWE ID-CWE-340
Generation of Predictable Numbers or Identifiers
CVE-2025-1262
Matching Score-8
Assigner-Wordfence
ShareView Details
Matching Score-8
Assigner-Wordfence
CVSS Score-5.3||MEDIUM
EPSS-0.08% / 24.65%
||
7 Day CHG~0.00%
Published-25 Feb, 2025 | 12:41
Updated-28 Feb, 2025 | 01:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Advanced Google reCaptcha <= 1.27 - Built-in Math CAPTCHA Bypass

The Advanced Google reCaptcha plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 1.27 . This makes it possible for unauthenticated attackers to bypass the Built-in Math Captcha Verification.

Action-Not Available
Vendor-webfactoryltdwebfactory
Product-advanced_google_recaptchaAdvanced Google reCAPTCHA
CWE ID-CWE-804
Guessable CAPTCHA
CVE-2021-33190
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-5.3||MEDIUM
EPSS-2.08% / 83.29%
||
7 Day CHG~0.00%
Published-08 Jun, 2021 | 15:05
Updated-03 Aug, 2024 | 23:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Bypass network access control

In Apache APISIX Dashboard version 2.6, we changed the default value of listen host to 0.0.0.0 in order to facilitate users to configure external network access. In the IP allowed list restriction, a risky function was used for the IP acquisition, which made it possible to bypass the network limit. At the same time, the default account and password are fixed.Ultimately these factors lead to the issue of security risks. This issue is fixed in APISIX Dashboard 2.6.1

Action-Not Available
Vendor-The Apache Software Foundation
Product-apisix_dashboardApache APISIX Dashboard
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-35747
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.06% / 18.88%
||
7 Day CHG~0.00%
Published-10 Jun, 2024 | 16:37
Updated-02 Aug, 2024 | 03:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through 2.1.7.

Action-Not Available
Vendor-contact_form_builder_projectWpDevArt
Product-contact_form_builderContact Form Builder, Contact Widget
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-32676
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.19% / 40.85%
||
7 Day CHG~0.00%
Published-25 Apr, 2024 | 10:43
Updated-02 Aug, 2024 | 02:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress LoginPress Pro plugin < 3.0.0 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in LoginPress LoginPress Pro allows Removing Important Client Functionality.This issue affects LoginPress Pro: from n/a before 3.0.0.

Action-Not Available
Vendor-LoginPress
Product-LoginPress Pro
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2024-32720
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.22% / 44.60%
||
7 Day CHG~0.00%
Published-17 May, 2024 | 09:37
Updated-02 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Appointment Hour Booking plugin <= 1.4.56 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Appointment Hour Booking allows Removing Important Client Functionality.This issue affects Appointment Hour Booking: from n/a through 1.4.56.

Action-Not Available
Vendor-CodePeople
Product-Appointment Hour Booking
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-29023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.15% / 36.85%
||
7 Day CHG~0.00%
Published-17 May, 2021 | 00:00
Updated-03 Aug, 2024 | 21:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

InvoicePlane 1.5.11 doesn't have any rate-limiting for password reset and the reset token is generated using a weak mechanism that is predictable.

Action-Not Available
Vendor-invoiceplanen/a
Product-invoiceplanen/a
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-48290
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.71%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 10:25
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Form Maker by 10Web plugin <= 1.15.20 - Captcha Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in 10Web Form Builder Team Form Maker by 10Web allows Functionality Bypass.This issue affects Form Maker by 10Web: from n/a through 1.15.20.

Action-Not Available
Vendor-10Web (TenWeb, Inc.)
Product-Form Maker by 10Webform_maker
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-34001
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 30.71%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 07:09
Updated-30 Jun, 2025 | 18:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hide My WP Ghost – Security Plugin plugin <= 5.0.25 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in WPPlugins – WordPress Security Plugins Hide My WP Ghost allows Functionality Bypass.This issue affects Hide My WP Ghost: from n/a through 5.0.25.

Action-Not Available
Vendor-wppluginsWPPlugins – WordPress Security Plugins
Product-hide_my_wp_ghostHide My WP Ghost
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-6004
Matching Score-4
Assigner-HashiCorp Inc.
ShareView Details
Matching Score-4
Assigner-HashiCorp Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.02% / 2.46%
||
7 Day CHG-0.00%
Published-01 Aug, 2025 | 17:56
Updated-13 Aug, 2025 | 18:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Vault Userpass and LDAP User Lockout Bypass

Vault and Vault Enterprise’s (“Vault”) user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23.

Action-Not Available
Vendor-HashiCorp, Inc.
Product-vaultVault EnterpriseVault
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-32678
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-3.7||LOW
EPSS-0.30% / 52.96%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 12:25
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Ratelimit not applied on OCS API responses

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, ratelimits are not applied to OCS API responses. This affects any OCS API controller (`OCSController`) using the `@BruteForceProtection` annotation. Risk depends on the installed applications on the Nextcloud Server, but could range from bypassing authentication ratelimits or spamming other Nextcloud users. The vulnerability is patched in versions 19.0.13, 20.0.11, and 21.0.3. No workarounds aside from upgrading are known to exist.

Action-Not Available
Vendor-Fedora ProjectNextcloud GmbH
Product-fedoranextcloud_serversecurity-advisories
CWE ID-CWE-799
Improper Control of Interaction Frequency
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-32703
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.73% / 81.67%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:25
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of ratelimit on shareinfo endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the shareinfo endpoint. This may have allowed an attacker to enumerate potentially valid share tokens. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Action-Not Available
Vendor-Fedora ProjectNextcloud GmbH
Product-fedoranextcloud_serversecurity-advisories
CWE ID-CWE-799
Improper Control of Interaction Frequency
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-23730
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.13% / 33.68%
||
7 Day CHG~0.00%
Published-03 Jun, 2024 | 21:24
Updated-10 Apr, 2025 | 18:38
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Captcha Bypass Vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Brainstorm Force Spectra allows Functionality Bypass.This issue affects Spectra: from n/a through 2.3.0.

Action-Not Available
Vendor-Brainstorm Force
Product-spectraSpectraspectra
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-54998
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 8.03%
||
7 Day CHG~0.00%
Published-09 Aug, 2025 | 02:00
Updated-12 Aug, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenBao Userpass and LDAP User Lockout Bypass

OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, attackers could bypass the automatic user lockout mechanisms in the OpenBao Userpass or LDAP auth systems. This was caused by different aliasing between pre-flight and full login request user entity alias attributions. This is fixed in version 2.3.2. To work around this issue, existing users may apply rate-limiting quotas on the authentication endpoints:, see https://openbao.org/api-docs/system/rate-limit-quotas/.

Action-Not Available
Vendor-openbaoopenbao
Product-openbaoopenbao
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-48318
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.78%
||
7 Day CHG~0.00%
Published-04 Jun, 2024 | 10:26
Updated-02 Aug, 2024 | 21:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through 1.3.41.

Action-Not Available
Vendor-CodePeople
Product-Contact Form Email
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2023-1539
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 11.82%
||
7 Day CHG~0.00%
Published-21 Mar, 2023 | 00:00
Updated-27 Feb, 2025 | 17:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Restriction of Excessive Authentication Attempts in answerdev/answer

Improper Restriction of Excessive Authentication Attempts in GitHub repository answerdev/answer prior to 1.0.6.

Action-Not Available
Vendor-answeranswerdev
Product-answeranswerdev/answer
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2022-27516
Matching Score-4
Assigner-Citrix Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Citrix Systems, Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.03% / 6.21%
||
7 Day CHG~0.00%
Published-08 Nov, 2022 | 21:26
Updated-01 May, 2025 | 19:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User login brute force protection functionality bypass

User login brute force protection functionality bypass

Action-Not Available
Vendor-Citrix (Cloud Software Group, Inc.)
Product-gatewayapplication_delivery_controller_firmwareapplication_delivery_controllerCitrix Gateway, Citrix ADC
CWE ID-CWE-693
Protection Mechanism Failure
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2025-22645
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 29.10%
||
7 Day CHG~0.00%
Published-18 Feb, 2025 | 19:54
Updated-18 Feb, 2025 | 20:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Real Estate Manager – Property Listing and Agent Management plugin <= 7.3 - Captcha Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Rameez Iqbal Real Estate Manager allows Password Brute Forcing. This issue affects Real Estate Manager: from n/a through 7.3.

Action-Not Available
Vendor-Rameez Iqbal
Product-Real Estate Manager
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
CVE-2021-32705
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5.3||MEDIUM
EPSS-1.07% / 76.82%
||
7 Day CHG~0.00%
Published-12 Jul, 2021 | 15:30
Updated-03 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Lack of ratelimit on public DAV endpoint

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.011, and 21.0.3, there was a lack of ratelimiting on the public DAV endpoint. This may have allowed an attacker to enumerate potentially valid share tokens or credentials. The issue was fixed in versions 19.0.13, 20.0.11, and 21.0.3. There are no known workarounds.

Action-Not Available
Vendor-Fedora ProjectNextcloud GmbH
Product-fedoranextcloud_serversecurity-advisories
CWE ID-CWE-799
Improper Control of Interaction Frequency
CWE ID-CWE-307
Improper Restriction of Excessive Authentication Attempts
Details not found