Vulnerability DatabaseCVE-2021-41177

CVE-2021-41177:
Linux openSUSE vulnerability analysis and mitigation

Overview

CVE-2021-41177 is a security vulnerability affecting Nextcloud Server versions prior to 20.0.13, 21.0.5, and 22.2.0. The vulnerability was discovered and disclosed on October 25, 2021, impacting the rate-limiting functionality of Nextcloud installations (Nextcloud Advisory).

Technical details

The vulnerability stems from Nextcloud Server's failure to implement a database backend for rate-limiting purposes. As a result, any component of Nextcloud using rate-limits (such as AnonRateThrottle or UserRateThrottle) was not properly rate-limited on instances without a configured memory cache backend. This particularly affected the rate-limits on two-factor authentication codes in default installations (Nextcloud Advisory).

Impact

The vulnerability could lead to a bypass of security rate-limiting mechanisms, potentially allowing attackers to perform brute-force attacks against two-factor authentication codes and other rate-limited functionalities without proper throttling (Nextcloud Advisory).

Mitigation and workarounds

The vulnerability has been patched in Nextcloud Server versions 20.0.13, 21.0.5, and 22.2.0. As a workaround, administrators can enable a memory cache backend in config.php, as shown in the config.sample.php file (Nextcloud Advisory).

Additional resources

Source: This report was generated using AI

Related Linux openSUSE vulnerabilities:

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-62291	HIGH	8.1	strongSwan	strongswan-nm	No	Yes	Jan 16, 2026
CVE-2026-0891	HIGH	8.1	Mozilla Firefox	MozillaFirefox	No	Yes	Jan 13, 2026
CVE-2025-24528	HIGH	7.1	Kerberos	krb5	No	Yes	Jan 16, 2026
CVE-2026-0890	MEDIUM	5.4	Mozilla Firefox	firefox-esr	No	Yes	Jan 13, 2026
CVE-2025-43904	MEDIUM	4.2	Linux Debian	slurm-doc	No	Yes	Jan 16, 2026