CVE-2018-16464 — Improper Authentication in Server

CWE-287 — Improper Authentication6 documents4 sources

Severity

5.7MEDIUMNVD

EPSS

0.2%

top 55.05%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedOct 30

Latest updateMay 13

Description

A missing access check in Nextcloud Server prior to 14.0.0 could lead to continued access to password protected link shares when the owner had changed the password.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:NExploitability: 2.1 | Impact: 3.6

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server< 14.0.0

▶CVEListV5nextcloud/nextcloud_server<14.0.0

🔴Vulnerability Details

GHSA

GHSA-j92w-qfjr-c5j9: A missing access check in Nextcloud Server prior to 14↗2022-05-13

▶

CVEList

CVE-2018-16464: A missing access check in Nextcloud Server prior to 14↗2018-10-30

▶

💬Community

Bugzilla

CVE-2018-16464 nextcloud: Improper authentication on public shares [epel-7]↗2018-11-05

▶

Bugzilla

CVE-2018-16464 nextcloud: Improper authentication on public shares↗2018-11-05

▶

Bugzilla

CVE-2018-16464 nextcloud: Improper authentication on public shares [fedora-all]↗2018-11-05

▶