← Back

CVE-2018-16466

nvd nist
Published: Oct 30, 2018Modified: Nov 21, 2024

JSON object

Loading...
8.1
Vector
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N
Exploitability: 2.8 / Impact: 5.2
Source: NVD

Description

Improper revalidation of permissions in Nextcloud Server prior to 14.0.0, 13.0.6 and 12.0.11 lead to not accepting access restrictions by acess tokens.

Affected (8)

Nextcloud
1 product
Nextcloud Server
Configuration A
8 vulnerable
Vulnerable SoftwareAffected Versions
Nextcloud
Nextcloud Server
Before 12.0.11
Nextcloud Server
From 13.0.0 to 13.0.6
Nextcloud Server
Version 14.0.0 beta1
Nextcloud Server
Version 14.0.0 beta2
Nextcloud Server
Version 14.0.0 beta3
Nextcloud Server
Version 14.0.0 beta4
Nextcloud Server
Version 14.0.0 rc1
Nextcloud Server
Version 14.0.0 rc2

Related CWEs

CWE-273
Improper Check for Dropped Privileges
The product attempts to drop privileges but does not check or incorrectly checks to see if the drop succeeded.
CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (4)

Source: support@hackerone.com
Third Party Advisory
Source: support@hackerone.com
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.