CVE-2018-3762 — Improper Access Control in Server

CWE-284 — Improper Access Control CWE-281 — Improper Preservation of Permissions7 documents5 sources

Severity

4.3MEDIUMNVD

EPSS

0.3%

top 46.32%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nextcloud Server

Timeline

PublishedJul 5

Latest updateMay 13

Description

Nextcloud Server before 12.0.8 and 13.0.3 suffers from improper checks of dropped permissions for incoming shares allowing a user to still request previews for files it should not have access to.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages2 packages

▶NVDnextcloud/nextcloud_server13.0.0 — 13.0.3+1

▶CVEListV5nextcloud/nextcloud_server<13.0.3, <12.0.8

🔴Vulnerability Details

GHSA

GHSA-6p7m-f494-cjvp: Nextcloud Server before 12↗2022-05-13

▶

OSV

linux-hwe, linux-azure, linux-gcp vulnerabilities↗2018-09-11

▶

CVEList

CVE-2018-3762: Nextcloud Server before 12↗2018-07-05

▶

💬Community

Bugzilla

CVE-2018-3761 CVE-2018-3762 nextcloud: Two flaws fixed in nextcloud 12.0.8↗2018-07-12

▶

Bugzilla

CVE-2018-3761 CVE-2018-3762 nextcloud: Two flaws fixed in nextcloud 12.0.8 [epel-7]↗2018-07-12

▶

Bugzilla

CVE-2018-3761 CVE-2018-3762 nextcloud: Two flaws fixed in nextcloud 12.0.8 [fedora-all]↗2018-07-12

▶