CNNVD-202512-646 Information
CNNVD ID
CNNVD-202512-646
Related CVE
-
CNNVD Published: 2025-12-05
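Description (translated from Chinese)
WebAuthn second factor provider for Nextcloud is an open-source two-factor authentication application from Nextcloud. Versions of WebAuthn second factor provider for Nextcloud before 1.4.2 and before 2.4.1 contain a security vulnerability that stems from a missing ownership check and may allow an attacker to remove 2FA devices.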
Description (English)
WebAuthn second factor provider for Nextcloud is open-source two-factor authentication software from Nextcloud. Versions of WebAuthn second factor provider for Nextcloud before 1.4.2 and before 2.4.1 have a security vulnerability, which stems from a lack of ownership checks and may allow attackers to remove 2FA devices.
Hazard Level
Critical
Vulnerability Type
Other
Affected Vendor
Nextcloud
Published
2025-12-05
Last Modified
2026-02-24
References
https://github.com/nextcloud/security-advisories/security/advisories/GHSA-fr8x-mvjg-wf9q
https://github.com/nextcloud/twofactor_webauthn/commit/5d2302166d31ee2e01b2e21556bd5372156da13d
https://github.com/nextcloud/twofactor_webauthn/pull/881
https://hackerone.com/reports/3360354
Patch
https://apps.nextcloud.com/apps/twofactor_webauthn