← Back

CVE-2018-16463

nvd nist
Published: Oct 30, 2018Modified: Nov 21, 2024

JSON object

Loading...
3.1
Vector
CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N
Exploitability: 0.5 / Impact: 2.5
Source: NVD

Description

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

Affected (8)

Nextcloud
1 product
Nextcloud Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Nextcloud
Nextcloud Server
Before 12.0.8
Nextcloud Server
From 13.0.0 to 13.0.3
Nextcloud Server
Version 14.0.0 beta1
Nextcloud Server
Version 14.0.0 beta2
Nextcloud Server
Version 14.0.0 beta3
Nextcloud Server
Version 14.0.0 beta4
Nextcloud Server
Version 14.0.0 rc1
Nextcloud Server
Version 14.0.0 rc2

Related CWEs

CWE-384
Session Fixation
Authenticating a user, or otherwise establishing a new user session, without invalidating any existing session identifier gives an attacker the opportunity to steal authenticated sessions.

References (4)

Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.