Lucene search
NoumarH1:343111HistoryApr 25, 2018 - 5:03 p.m.
Nextcloud: OAuth2 Access Token and App Password Security Vulnerability
2018-04-2517:03:37
noumar
hackerone.com
120
EPSS
0.002
Percentile
57.4%
The OAuth2 endpoint of the Nextcloud server was not following RFC6749. The server did not perform required verification of provided data. And the server did not properly rotate and expire access tokens. In case of a compromised OAuth client this could lead to unauthorized access.
After working together with @noumar the issues have been resolved.
Related
cve
cve
CVE-2018-3761
2018-07-05 16:29:00
nextcloud
nextcloud
Improper validation on OAuth2 token endpoint (NC-SA-2018-003)
2018-06-21 00:00:00
prion
prion
Authentication flaw
2018-07-05 16:29:00
nvd
nvd
CVE-2018-3761
2018-07-05 16:29:00
osv
osv
CVE-2018-3761
2018-07-05 16:29:00
openvas
openvas
Nextcloud Server < 12.0.8, < 13.0.3 Improper Input Vulnerability (NC-SA-2018-003)
2020-02-07 00:00:00
openSUSE: Security Advisory for nextcloud (openSUSE-SU-2018:1924-1)
2018-07-12 00:00:00
cvelist
cvelist
CVE-2018-3761
2018-07-05 16:00:00
nessus
nessus
openSUSE Security Update : nextcloud (openSUSE-2019-511)
2019-03-27 00:00:00
openSUSE Security Update : nextcloud (openSUSE-2018-712)
2018-07-12 00:00:00
redhatcve
redhatcve
CVE-2018-3761
2022-05-20 23:29:36
suse
suse
Security update for nextcloud (moderate)
2018-07-11 21:07:57