Nextcloud server before version 21.0.2 did not consider IPv6 subnets in the ratelimiting implementation. This could potentially result in an attacker bypassing ratelimit controls such as the Nextcloud bruteforce protection.
Nextcloud server before version 21.0.2 did not consider IPv6 subnets in the ratelimiting implementation. This could potentially result in an attacker bypassing ratelimit controls such as the Nextcloud bruteforce protection.
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-2967-6mrp-gg3p https://hackerone.com/reports/1154003