CVE-2018-16467Sensitive Information Exposure in Server

CWE-200Sensitive Information ExposureCWE-287Improper Authentication6 documents4 sources
Severity
5.3MEDIUMNVD
EPSS
0.2%
top 52.42%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Nextcloud Server
Timeline
PublishedOct 30
Latest updateMay 13

Description

A missing check in Nextcloud Server prior to 14.0.0 could give unauthorized access to the previews of single file password protected shares.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:NExploitability: 3.9 | Impact: 1.4

Affected Packages2 packages

CVEListV5nextcloud/nextcloud_server<14.0.0

🔴Vulnerability Details

2
GHSA
GHSA-wjx4-rv24-8pr4: A missing check in Nextcloud Server prior to 142022-05-13
CVEList
CVE-2018-16467: A missing check in Nextcloud Server prior to 142018-10-30

💬Community

3
Bugzilla
CVE-2018-16467 nextcloud: Improper access control checks for single share previews [epel-7]2018-11-05
Bugzilla
CVE-2018-16467 nextcloud: Improper access control checks for single share previews [fedora-all]2018-11-05
Bugzilla
CVE-2018-16467 nextcloud: Improper access control checks for single share previews2018-11-05
CVE-2018-16467 — Sensitive Information Exposure | cvebase