Lucene search

[email protected]NVD:CVE-2018-16463

HistoryOct 30, 2018 - 9:29 p.m.

CVE-2018-16463

2018-10-3021:29:00

CWE-384

[email protected]

web.nvd.nist.gov

3.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

Affected configurations

NVD

Node

nextcloudnextcloud_serverRange<12.0.8

nextcloudnextcloud_serverRange13.0.0–13.0.3

nextcloudnextcloud_serverMatch14.0.0beta1

nextcloudnextcloud_serverMatch14.0.0beta2

nextcloudnextcloud_serverMatch14.0.0beta3

nextcloudnextcloud_serverMatch14.0.0beta4

nextcloudnextcloud_serverMatch14.0.0rc1

nextcloudnextcloud_serverMatch14.0.0rc2

References

hackerone.com/reports/237184

nextcloud.com/security/advisory/?id=NC-SA-2018-013

3.6 Low

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:H/Au:S/C:P/I:P/A:N

3.1 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

HIGH

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:N

3.9 Low

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

22.9%

JSON

Related for NVD:CVE-2018-16463

prion1 osv1 cvelist1 cve1 openvas2 hackerone1 nextcloud1