CVE-2018-3761 — Improper Authentication in Server

CWE-287 — Improper Authentication9 documents5 sources

Severity

8.1HIGHNVD

EPSS

0.6%

top 30.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedJul 5

Latest updateMay 13

Description

Nextcloud Server before 12.0.8 and 13.0.3 suffer from improper authentication on the OAuth2 token endpoint. Missing checks potentially allowed handing out new tokens in case the OAuth2 client was partly compromised.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:NExploitability: 2.8 | Impact: 5.2

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server13.0.0 — 13.0.3+1

▶CVEListV5nextcloud/nextcloud_server<13.0.3, <12.0.8

🔴Vulnerability Details

GHSA

GHSA-frc3-rhfw-jxf5: Nextcloud Server before 12↗2022-05-13

▶

OSV

firefox regressions↗2018-09-17

▶

OSV

firefox regressions↗2018-09-13

▶

CVEList

CVE-2018-3761: Nextcloud Server before 12↗2018-07-05

▶

💬Community

Bugzilla

CVE-2018-16863 ghostscript: incomplete fix for CVE-2018-16509↗2018-11-23

▶

Bugzilla

CVE-2018-3761 CVE-2018-3762 nextcloud: Two flaws fixed in nextcloud 12.0.8↗2018-07-12

▶

Bugzilla

CVE-2018-3761 CVE-2018-3762 nextcloud: Two flaws fixed in nextcloud 12.0.8 [epel-7]↗2018-07-12

▶

Bugzilla

CVE-2018-3761 CVE-2018-3762 nextcloud: Two flaws fixed in nextcloud 12.0.8 [fedora-all]↗2018-07-12

▶