CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
21.7%
Nextcloud Server is prone to authorization bypass vulnerability.
# SPDX-FileCopyrightText: 2018 Greenbone AG
# Some text descriptions might be excerpted from (a) referenced
# source(s), and are Copyright (C) by the respective right holder(s).
#
# SPDX-License-Identifier: GPL-2.0-or-later
CPE = "cpe:/a:nextcloud:nextcloud_server";
if (description)
{
script_oid("1.3.6.1.4.1.25623.1.0.813324");
script_version("2024-02-09T05:06:25+0000");
script_cve_id("CVE-2017-0936");
script_tag(name:"cvss_base", value:"4.9");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:S/C:N/I:P/A:P");
script_tag(name:"last_modification", value:"2024-02-09 05:06:25 +0000 (Fri, 09 Feb 2024)");
script_tag(name:"severity_vector", value:"CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N");
script_tag(name:"severity_origin", value:"NVD");
script_tag(name:"severity_date", value:"2019-10-09 23:21:00 +0000 (Wed, 09 Oct 2019)");
script_tag(name:"creation_date", value:"2018-05-02 18:06:32 +0530 (Wed, 02 May 2018)");
script_name("Nextcloud Server Authorization Bypass Vulnerability (May 2018) - Windows");
script_tag(name:"summary", value:"Nextcloud Server is prone to authorization bypass vulnerability.");
script_tag(name:"vuldetect", value:"Checks if a vulnerable version is present on the target host.");
script_tag(name:"insight", value:"The flaw exists due to a missing ownership
check while changing the scope of app passwords of other users.");
script_tag(name:"impact", value:"Successful exploitation will allow an attacker
to change the scope of app passwords of other users. Note that the app passwords
themselves where neither disclosed nor could the error be misused to identify as
another user.");
script_tag(name:"affected", value:"Nextcloud Server before 11.0.7 and 12.0.5.");
script_tag(name:"solution", value:"Upgrade to version 11.0.7 or 12.0.5 or later.");
script_tag(name:"solution_type", value:"VendorFix");
script_tag(name:"qod_type", value:"remote_banner");
script_xref(name:"URL", value:"https://nextcloud.com/security/advisory/?id=nc-sa-2018-001");
script_copyright("Copyright (C) 2018 Greenbone AG");
script_category(ACT_GATHER_INFO);
script_family("Web application abuses");
script_dependencies("gb_nextcloud_detect.nasl", "os_detection.nasl");
script_mandatory_keys("nextcloud/installed", "Host/runs_windows");
exit(0);
}
include("version_func.inc");
include("host_details.inc");
if(!port = get_app_port(cpe:CPE))
exit(0);
if(!infos = get_app_version_and_location(cpe:CPE, port:port, exit_no_version:TRUE))
exit(0);
vers = infos["version"];
path = infos["location"];
if(version_is_less(version:vers, test_version:"11.0.7")) {
fix = "11.0.7";
}
else if(version_in_range(version:vers, test_version:"12.0", test_version2:"12.0.4")) {
fix = "12.0.5";
}
if(fix) {
report = report_fixed_ver(installed_version:vers, fixed_version:fix, install_path:path);
security_message(port:port, data:report);
exit(0);
}
exit(99);
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
NONE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:N/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
HIGH
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N
AI Score
Confidence
High
EPSS
Percentile
21.7%