CVE-2018-16466

EPSS 0.13%
Published 30.10.2018 21:29:00
Last modified 21.11.2024 03:52:48
Source support@hackerone.com
Teams watchlist Login
Open Login

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

Affected products Warnungen 0 Metrics 3 CWE 2 References 5

Data is provided by the National Vulnerability Database (NVD)

Nextcloud ≫ Nextcloud Server Version < 12.0.11

Nextcloud ≫ Nextcloud Server Version >= 13.0.0 < 13.0.6

Nextcloud ≫ Nextcloud Server Version14.0.0 Updatebeta1

Nextcloud ≫ Nextcloud Server Version14.0.0 Updatebeta2

Nextcloud ≫ Nextcloud Server Version14.0.0 Updatebeta3

Nextcloud ≫ Nextcloud Server Version14.0.0 Updatebeta4

Nextcloud ≫ Nextcloud Server Version14.0.0 Updaterc1

Nextcloud ≫ Nextcloud Server Version14.0.0 Updaterc2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.13%	0.327

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	8.1	2.8	5.2	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
nvd@nist.gov	5.5	8	4.9	AV:N/AC:L/Au:S/C:P/I:P/A:N

CWE-273 Improper Check for Dropped Privileges

The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.

CWE-284 Improper Access Control

The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

https://hackerone.com/reports/388515

Third Party Advisory

https://nextcloud.com/security/advisory/?id=NC-SA-2018-010

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2018-16466

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2018-16466

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2018-16466

EUVD