CVE-2018-16463 — Session Fixation in Server

CWE-384 — Session Fixation6 documents4 sources

Severity

3.1LOWNVD

EPSS

0.1%

top 67.28%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedOct 30

Latest updateMay 13

Description

A bug causing session fixation in Nextcloud Server prior to 14.0.0, 13.0.3 and 12.0.8 could potentially allow an attacker to obtain access to password protected shares.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:NExploitability: 0.5 | Impact: 2.5

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server13.0.0 — 13.0.3+2

▶CVEListV5nextcloud/nextcloud_server<14.0.0, <13.0.3, <12.0.8

🔴Vulnerability Details

GHSA

GHSA-67vq-qwwf-fc2h: A bug causing session fixation in Nextcloud Server prior to 14↗2022-05-13

▶

CVEList

CVE-2018-16463: A bug causing session fixation in Nextcloud Server prior to 14↗2018-10-30

▶

💬Community

Bugzilla

CVE-2018-16463 nextcloud: session fixation could allow to obtain access to password protected shares↗2018-11-05

▶

Bugzilla

CVE-2018-16463 nextcloud: session fixation could allow to obtain access to password protected shares [epel-7]↗2018-11-05

▶

Bugzilla

CVE-2018-16463 nextcloud: session fixation could allow to obtain access to password protected shares [fedora-all]↗2018-11-05

▶