Lucene search

[email protected]NVD:CVE-2018-16464

HistoryOct 30, 2018 - 9:29 p.m.

CVE-2018-16464

2018-10-3021:29:00

CWE-287

[email protected]

web.nvd.nist.gov

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

Affected configurations

Nvd

Node

nextcloudnextcloud_serverRange<14.0.0

VendorProductVersionCPE
nextcloudnextcloud_server*cpe:2.3:a:nextcloud:nextcloud_server:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
nextcloud	nextcloud_server	*	cpe:2.3:a:nextcloud:nextcloud_server::::::::

References

hackerone.com/reports/146133

nextcloud.com/security/advisory/?id=NC-SA-2018-012

CVSS2

3.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSS3

5.7

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

AI Score

5.6

Confidence

High

EPSS

0.001

Percentile

28.4%

JSON

Related for NVD:CVE-2018-16464

hackerone1 prion1 osv1 cvelist1 cve1 nextcloud1 openvas2