CVE-2017-0892 — Improper Authorization in Server

CWE-285 — Improper Authorization CWE-384 — Session Fixation9 documents5 sources

Severity

3.5LOWNVD

EPSS

0.2%

top 55.30%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedMay 8

Latest updateMay 13

Description

Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to the files access to the users file.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:NExploitability: 2.1 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server< 11.0.3

▶CVEListV5nextcloud/nextcloud_serverbefore 11.0.3

Patches

Patch: nextcloud.com ↗Patch: nextcloud.com ↗

🔴Vulnerability Details

GHSA

GHSA-v6cm-gq9r-7cpp: Nextcloud Server before 11↗2022-05-13

▶

CVEList

CVE-2017-0892: Nextcloud Server before 11↗2017-05-08

▶

💬Community

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 owncloud: nextcloud: Multiple security issues [epel-7]↗2017-05-16

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 owncloud: nextcloud: Multiple security issues [fedora-all]↗2017-05-16

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 nextcloud: Multiple security issues [fedora-all]↗2017-05-09

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 nextcloud: Multiple security issues [epel-7]↗2017-05-09

▶

Bugzilla

CVE-2017-0890 CVE-2017-0891 CVE-2017-0892 CVE-2017-0893 CVE-2017-0894 CVE-2017-0895 nextcloud: Multiple security issues↗2017-05-09

▶