## Description
### Impact
Missing protection allows an attacker to brute force the client secrets of configured OAuth2 clients.
### Patches
It is recommended that the Nextcloud Server is upgraded to 25.0.9, 26.0.4 or 27.0.1.
It is recommended that the Nextcloud Enterprise Server is upgraded to 22.2.10.14, 23.0.12.9, 24.0.12.5, 25.0.9, 26.0.4 or 27.0.1.
### Workarounds
* No workaround available
### References
* [HackerOne]()
* [PullRequest]()
### For more information
If you have any questions or comments about this advisory:
* Create a post in [nextcloud/security-advisories]()
* Customers: Open a support ticket at [portal.nextcloud.com]()

