CVE-2021-22915 - log

CVE-2021-22915 edited at 01 Jun 2021 20:10:38
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2967-6mrp-gg3p
+ https://hackerone.com/reports/1154003
CVE-2021-22915 edited at 01 Jun 2021 19:57:56
Severity
- Unknown
+ Low
Remote
- Unknown
+ Remote
Type
- Unknown
+ Access restriction bypass
Description
+ Nextcloud server before version 21.0.2 did not consider IPv6 subnets in the ratelimiting implementation. This could potentially result in an attacker bypassing ratelimit controls such as the Nextcloud bruteforce protection.
References
+ https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2967-6mrp-gg3p
Notes
CVE-2021-22915 created at 01 Jun 2021 19:56:59