Lucene search
HackeroneCVELIST:CVE-2017-0936HistoryMar 28, 2018 - 8:00 p.m.
CVE-2017-0936
2018-03-2820:00:00
CWE-639
hackerone
www.cve.org
9
Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves where neither disclosed nor could the error be misused to identify as another user.
CNA Affected
[
{
"product": "Nextcloud Server",
"vendor": "Nextcloud",
"versions": [
{
"status": "affected",
"version": "before 11.0.7 and 12.0.5"
}
]
}
]Related
openvas
openvas
Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Windows
2018-05-02 00:00:00
Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Linux
2018-05-02 00:00:00
nvd
nvd
CVE-2017-0936
2018-03-28 20:29:00
prion
prion
Authorization
2018-03-28 20:29:00
cve
cve
CVE-2017-0936
2018-03-28 20:29:00
hackerone
hackerone
Nextcloud: Registered users can change app password permissions for any user
2017-12-14 04:42:47
osv
osv
CVE-2017-0936
2018-03-28 20:29:00
nessus
nessus
openSUSE Security Update : nextcloud (openSUSE-2018-384)
2018-04-23 00:00:00
nextcloud
nextcloud
App password scope can be changed for other users (NC-SA-2018-001)
2018-02-07 00:00:00